Re: ms sql server 2000 security too weak ?

From: Egbert Nierop \(MVP for IIS\) (egbert_nierop_at_nospam.invalid)
Date: 04/12/04


Date: Mon, 12 Apr 2004 22:17:47 +0200


> "Egbert Nierop (MVP for IIS)" <egbert_nierop@nospam.invalid> escribió en
el mensaje
> news:uj3L1IFIEHA.3356@TK2MSFTNGP11.phx.gbl...
> "RW" <goldbase@centrin.net.id> wrote in message
> news:4079FBD2.559B@centrin.net.id...
> > It seems the authority for DBA is too much to control the safety of .mdf
> > , why not add an additional password or key to protect it, if someone
> > copy the .mdf files and install to a new sql server service, they can
> > read everything using sa facility, is it worse than ms.access ?
> >
> > at least ms.access still need some extra job to crack it, but the .mdf
> > is too simple, just copy and read it.
> >
> > Especially the MSDE version in one single computer, even the hardware
> > technician can duplicate and sell your important data.
> >
> > Anyone have solution for this security problem ?
>
> You have a choice. Have MSDE run, on a reserved account
> - NTFS security
> - Data Encryption
> - Also, you can store data on a raw partition, that cannot be copied so
> easily.

"Hernán Castelo" <hhh@hotmail.com> wrote in message
news:%23KshfkMIEHA.3476@TK2MSFTNGP11.phx.gbl...
> hi
> what is necessary to do for encrypt data?
>
> --
> atte,
> Hernán Castelo
> UTN Buenos Aires
> . . . . . . . . . . . . . . . . . . . . . . . . .
.

Your application can encrypt data. If you have .NET you can use Rijnhaeve
(If I spell correctly) and such. .NET samples show how to do it.
With C++ (7.0 and higher) there are encryption templates as well.



Relevant Pages

  • Re: ms sql server 2000 security too weak ?
    ... what is necessary to do for encrypt data? ... > It seems the authority for DBA is too much to control the safety of .mdf ... > Anyone have solution for this security problem? ... Have MSDE run, on a reserved account ...
    (microsoft.public.sqlserver.server)
  • Re: ms sql server 2000 security too weak ?
    ... what is necessary to do for encrypt data? ... > It seems the authority for DBA is too much to control the safety of .mdf ... > Anyone have solution for this security problem? ... Have MSDE run, on a reserved account ...
    (microsoft.public.sqlserver.security)
  • Re: ms sql server 2000 security too weak ?
    ... >> Especially the MSDE version in one single computer, even the hardware ... Have MSDE run, on a reserved account ... Your application can encrypt data. ... .NET samples show how to do it. ...
    (microsoft.public.sqlserver.security)