Re: ms sql server 2000 security too weak ?
From: Egbert Nierop \(MVP for IIS\) (egbert_nierop_at_nospam.invalid)
Date: Mon, 12 Apr 2004 22:17:47 +0200
> "Egbert Nierop (MVP for IIS)" <firstname.lastname@example.org> escribió en
> "RW" <email@example.com> wrote in message
> > It seems the authority for DBA is too much to control the safety of .mdf
> > , why not add an additional password or key to protect it, if someone
> > copy the .mdf files and install to a new sql server service, they can
> > read everything using sa facility, is it worse than ms.access ?
> > at least ms.access still need some extra job to crack it, but the .mdf
> > is too simple, just copy and read it.
> > Especially the MSDE version in one single computer, even the hardware
> > technician can duplicate and sell your important data.
> > Anyone have solution for this security problem ?
> You have a choice. Have MSDE run, on a reserved account
> - NTFS security
> - Data Encryption
> - Also, you can store data on a raw partition, that cannot be copied so
"Hernán Castelo" <firstname.lastname@example.org> wrote in message
> what is necessary to do for encrypt data?
> Hernán Castelo
> UTN Buenos Aires
> . . . . . . . . . . . . . . . . . . . . . . . . .
Your application can encrypt data. If you have .NET you can use Rijnhaeve
(If I spell correctly) and such. .NET samples show how to do it.
With C++ (7.0 and higher) there are encryption templates as well.