March 5, 2018 at 12:42 am
Hi All,
Can a TDE database be viewed / hacked by a login with sysadmin permissions?
Assume some DBA got access to a backup file of a database on which TDE is enabled, or got access to the MDF and LDF. Can a DBA restore it/attach the DB and view data?
Basically, trying to check options other than the SQL 2016 Always Encrypted feature. So, trying to find out the loopholes of TDE. We want to implement this on one of the Azure PaaS DBs.
Thanks,
Sam
March 5, 2018 at 12:48 am
vsamantha35 - Monday, March 5, 2018 12:42 AM
Hi All,
Can a TDE database be viewed / hacked by a login with sysadmin permissions?
Yes, because it just protects data at rest. Anyone who has a valid login to the instance can read the DB if it's attached to that instance. TDE protects the DB from being restored or attached to any instance that does not have the certificate. That is all.
Assume some DBA got access to a backup file of a database on which TDE is enabled, or got access to the MDF and LDF. Can a DBA restore it/attach the DB and view data?
No, the whole point of TDE is to protect data at rest. No certificate, no restore/attach of the DB.
Gail Shaw
Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability
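The restore/attach dependency on the certificate described in the answer above can be inventoried on an instance with the query below. It is an added example, not part of the original posts, and it assumes a SQL Server instance (not Azure SQL Database) and a login with VIEW SERVER STATE.

```sql
-- Added example: list each database's TDE state and the certificate in master
-- that protects its database encryption key (DEK).
-- Assumption: SQL Server instance, run by a login with VIEW SERVER STATE.
USE master;

SELECT
    d.name                      AS database_name,
    CASE k.encryption_state
        WHEN 0 THEN 'no database encryption key'
        WHEN 1 THEN 'unencrypted'
        WHEN 2 THEN 'encryption in progress'
        WHEN 3 THEN 'encrypted'
        WHEN 4 THEN 'key change in progress'
        WHEN 5 THEN 'decryption in progress'
        WHEN 6 THEN 'protection change in progress'
        ELSE 'TDE not enabled'
    END                         AS tde_state,
    k.key_algorithm,
    k.key_length,
    c.name                      AS protecting_certificate,
    c.expiry_date,
    c.pvt_key_last_backup_date,
    CASE
        WHEN k.database_id IS NULL
            THEN 'n/a: files and backups are readable on any instance'
        WHEN c.certificate_id IS NULL
            THEN 'DEK not protected by a certificate in master (for example an asymmetric key)'
        WHEN c.pvt_key_last_backup_date IS NULL
            THEN 'certificate never exported: no other instance can restore or attach'
        ELSE 'certificate exported: whoever holds that export can restore or attach'
    END                         AS restore_dependency
FROM sys.databases AS d
LEFT JOIN sys.dm_database_encryption_keys AS k
       ON k.database_id = d.database_id
LEFT JOIN sys.certificates AS c
       ON c.thumbprint = k.encryptor_thumbprint
-- tempdb is encrypted automatically once any database uses TDE and has no
-- user-managed certificate, so it is left out of the report.
WHERE d.name <> 'tempdb'
ORDER BY d.name;
```

A row in the last state means the exported certificate and private key files need the same access controls as the data itself, and should be stored apart from the database backups.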
March 5, 2018 at 2:21 am
Thanks a lot Gail.