Re: Password protecting database and keeping on a removable media.

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: Mike Epprecht \(SQL MVP\) (mike_at_epprecht.net)
Date: 02/21/05 

Date: Mon, 21 Feb 2005 22:25:20 +0100

Hi

It would be visible if you do a DIR, but you first need to get to the file
system

With EFS, the Certificate present in a specific Active Directory based user
profile gives the user access to the file or directory. Nobody else. You
can't even recover the files if the user looses his/her password.

This is the extreme, but if you want it totally secure, it is the way to go.

There a few articles on EFS on the MS site and a Google search will bring
you a lot too.

This is an OS solution, for an OS problem.

Even if you use the encryption facility in SQL Server 2005, a certificate
needs to be present, so the same rules apply as above.

Regards
--------------------------------
Mike Epprecht, Microsoft SQL Server MVP
Zurich, Switzerland

IM: mike@epprecht.net

MVP Program: http://www.microsoft.com/mvp

Blog: http://www.msmvps.com/epprecht/

"RPK" <RPK@discussions.microsoft.com> wrote in message
news:645F8E2A-B475-46A7-B68F-A5D5D03FC055@microsoft.com...
> Mike,
>
> It is a good idea to keep the database on an EFS (NTFS). Can you
illustrate
> more clearly on how a database file located on NTFS partition be secured
so
> that it not easily visible even if someone is able to search the DIR.
>
> "Mike Epprecht (SQL MVP)" wrote:
>
> > Hi
> >
> > The Access encryption protection is easily broken. Tools are freely
> > available on the Internet.
> >
> > SQL Server relies on physical security, plus authentication. If you want
to,
> > put the DB on an NTFS formatted drive with Encrption (EFS).
> >
> > Regards
> > Mike
> >
> > "RPK" wrote:
> >
> > > If I only use 'Password Protection' for my SQL Server Database, is it
> > > sufficient to protect the database? Is the password protection of SQL
Server
> > > 2000 strong enough?
> > >
> > > Why SQL Server 2000 does not possess 'Encrypting Database' feature,
when
> > > they have given this facility in MS Access?
> > >
> > > I am thinking to keep the database on a removable media like Iomega
Zip
> > > Drive so that my client can carry the disk with him, but how it'll
effect the
> > > database performance?

Relevant Pages

  • RE: Relative Security Provided by Cached Domain Credentials?
    ... So when a user logs on the w2k terminal using a smartcard + pin no (rather ... If it does then EFS ... profile currently logged on for the private certificate. ...
    (Focus-Microsoft)
  • RE: Relative Security Provided by Cached Domain Credentials?
    ... certificates assigned to them, with each certificate having a set number ... smart card management tools which provide private key archival for smart ... AND the cert is also valid for EFS, they likely would be able to do ... What you probably could get to work for local file encryption, ...
    (Focus-Microsoft)
  • Re: EFS Disabling
    ... >> I had to reinstall XP on a computer and so I copied my EFS ... They have the same account names ... > You must have exported your EFS security certificate (onto a floppy ... > claiming that if you included your profile in your backups that there ...
    (microsoft.public.security)
  • Re: How to decrypt EFS-protected restored files?
    ... It is my understanding that some backup programs do not backup efs files ... I export my EFS certificate to a floppy. ... > describes the steps in restoring EFS-protected files, the order of importing ...
    (microsoft.public.security)
  • Re: EFS Errors
    ... Disabling DFS can disrupt your Group Policy propagation which may be causing ... your EFS errors if you have changed your Recovery Agent Certificate. ... I am able to encrypt on the server but noone is able to encrypt ...
    (microsoft.public.security)