Re: mission impossible: How to protect a Sql Server (with VB.NET) from somebody who as administrator rights?

From: Cowboy (Gregory A. Beamer) (NoSpamMgbworld_at_comcast.netNoSpamM)
Date: 11/03/05


Date: Thu, 3 Nov 2005 07:25:33 -0600

Rather than attempt to change their rights for their data, consider putting
a mechanism into place that stores historical data so you have a way to
prove who changed the data and when. This, in the long run, will have a
greater effect, as you can say "you changed your payments from $1000 to $2000
on December 5, 2005 at 12:35:36.001 AM", which is against our rules. Rather
than locking them out, logging changes and even sending alerts to key staff
when certain fields are changed -- priceless.

This can certainly be done in SQL Server with triggers, but realize that the
sysadmin can change or delete triggers. If you put a VB.NET front end, you
have the power to do what you want, as long as they cannot circumvent the
front end you create. If they have table access, you are toast.

I cannot give you a firm direction without a better understanding of the
product, which is beyond the scope of an open forum. Now, if you want to
stop changes to certain fields, you can add a trigger that refuses updates
on that field. Realize they can disable it, however.

One more option: Have a second copy of the data that you do not want them to
change. You can then compare deltas and find cases where they are playing
games and then present them with the evidence.

-- 
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA
***********************************************
Think Outside the Box!
***********************************************
"Pieter" <pietercoucke@hotmail.com> wrote in message 
news:uAtUqlG4FHA.4076@TK2MSFTNGP15.phx.gbl...
> Hi,
>
> I'm sorry for the probable cross-posting, but I need a solution that can 
> be either via Sql Server (preferable) or via .NET...
>
> In one of our companies we're having a huge problem with a crazy 
> situation: A lot of people who are working for the company are also 
> suppliers to the company. So they manage their own deliveries, and 
> their own payments...
>
> They used to have applications in Access, but if they want to (and they 
> do, hehe) they can change their own payments they earn. Some of them have 
> even administration rights, and full access to the Sql Server Database (IT 
> personnel etc).
>
> So what I need is:
> - make the application in VB.NET, without giving them the source of course
> - a protection so that, even with administrator rights, they can't change 
> their own data. I was thinking about something like a checksum algorithm.
>
> Does anybody have experience with this? How should I implement a 
> checksum algorithm? What other options do I have?
>
> Any help will be really appreciated!!
>
> Thanks a lot in advance,
>
>
> Pieter
> 
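
The history trigger and second-copy comparison suggested in the reply above, as an added T-SQL example that is not part of the original posts. The table, column and trigger names are hypothetical, and dbo.PaymentsReference is assumed to be a copy loaded by a process the suppliers cannot reach.

```sql
-- Constructed schema: table and column names are hypothetical.
CREATE TABLE dbo.Payments (
    PaymentId  INT           NOT NULL PRIMARY KEY,
    SupplierId INT           NOT NULL,
    Amount     DECIMAL(12,2) NOT NULL
);
CREATE TABLE dbo.PaymentsAudit (
    AuditId   INT IDENTITY(1,1) NOT NULL PRIMARY KEY,
    PaymentId INT           NOT NULL,
    OldAmount DECIMAL(12,2) NULL,   -- NULL for an inserted row
    NewAmount DECIMAL(12,2) NULL,   -- NULL for a deleted row
    ChangedBy NVARCHAR(128) NOT NULL DEFAULT SUSER_SNAME(),
    ChangedAt DATETIME      NOT NULL DEFAULT GETDATE()
);
GO

-- History: one audit row per inserted, deleted or re-priced payment.
CREATE TRIGGER dbo.trg_Payments_Audit ON dbo.Payments
AFTER INSERT, UPDATE, DELETE
AS
BEGIN
    SET NOCOUNT ON;
    INSERT INTO dbo.PaymentsAudit (PaymentId, OldAmount, NewAmount)
    SELECT COALESCE(i.PaymentId, d.PaymentId), d.Amount, i.Amount
    FROM inserted AS i
    FULL OUTER JOIN deleted AS d ON d.PaymentId = i.PaymentId
    WHERE i.PaymentId IS NULL OR d.PaymentId IS NULL OR i.Amount <> d.Amount;
END;
GO

-- A sysadmin can disable or alter the trigger, so check its state as well.
SELECT name, is_disabled, modify_date
FROM sys.triggers
WHERE parent_id = OBJECT_ID('dbo.Payments');

-- Delta check against the second copy (dbo.PaymentsReference, assumed to have
-- the same columns as dbo.Payments): rows that differ or exist on one side only.
SELECT COALESCE(p.PaymentId, r.PaymentId) AS PaymentId,
       r.Amount AS ReferenceAmount, p.Amount AS LiveAmount
FROM dbo.Payments AS p
FULL OUTER JOIN dbo.PaymentsReference AS r ON r.PaymentId = p.PaymentId
WHERE p.PaymentId IS NULL OR r.PaymentId IS NULL OR p.Amount <> r.Amount;
```

The audit table lives in the same database here, so it is only as trustworthy as the accounts that can write to it; the delta query is what still works when the trigger has been disabled.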

