Re: Database securing problem

From: B Andrei (bandrei@mediafax.ro)
Date: 11/06/02 

From: "B Andrei" <bandrei@mediafax.ro>
Date: Wed, 6 Nov 2002 02:44:07 -0800

   Hello, Ricky. I thought at this solution, but I'm in
serious doubt if in this case I'll have any gain in speed
with ADO (compared with an mdb / ADO). Even the stored
procedures / triggers and views that can be encrypted with
embedded SQL Server functions aren't much help, because
the algorithms for 6.5 and 7.0 have been broken and
decryption is possible. My impression is that SQL Server
so much discussed security is in fact only NT/2000
security, that might be one of the reasons why MSDE 2000
doesn't work on Win 95 /98. I mean I've copied for tests
several databases from different SQL Servers (7.0 and
2000) from my agency, by simply stopping the servers until
the mdf and ldf files where copied to another location
(without detaching them) and I've attached them to my own
server... surprise... everything was in clear text. In
this case, and assuming that I find record level home-made
encryption a last solution, the MSDE isn't an off the
shelf solution for client desktop applications.
    If you have any suggestions please respond. The data
in under a license that restricts access to basic
information and only analytical results of computations
can be made available for the clients. Also the content is
counting about 1 million records and rising pretty fast.
The target clients (about 99 %) are not in a LAN so a
dedicated database server is not an option.

 Andrei Bostinariu

>-----Original Message-----
>Hi, Andrei. That's the only solution I could see as far
as sql server is
>concerned... I guess it would be best to encrypt the data
if it is that
>sensitive and if you want it to run on all windows
platforms. ;o)
>
>Ricky Artigas
>
>"B Andrei" <bandrei@mediafax.ro> wrote in message
>news:562b01c284a7$3f4449c0$37ef2ecf@TKMSFTNGXA13...
>> I wish I could, but the application is for
>> distribution and it should work on all Windows
platforms,
>> including 95 and 98. So this is not a solution to my
>> problem.
>> That's the reason for using MSDE 1.0 and not the new
>> version. I've searched everywhere and I can't imagine
that
>> Microsoft didn't included not one single way to protect
>> the content of a database, any sort of encryption (even
in
>> Access you can use the workgroup file and this kind of
>> problem is solved).
>> I mean... all you must do to access the content of a
>> database is to stop the MSDE, copy the mdf and ldf files
>> to your own MSDE of SQL Server and attach them, and you
>> have access to everything with your own admin (sa user).
>> The only solution I currently have is to encrypt the
>> sensitive content myself in every single record!
>>
>>
>> >-----Original Message-----
>> >Place it on a Win2k or XP machine and set the file
>> permissions.
>> >
>> >"B Andrei" <bandrei@mediafax.ro> wrote in message
>> >news:470501c283eb$cefc7540$37ef2ecf@TKMSFTNGXA13...
>> >> I'm running a MSDE 1.0 on a windows 98 machine.
>> >> Whatever user permissions for my database I set,
another
>> >> person with file access can simply copy the database
>> (mdf
>> >> and ldf files) to another sql server that he owns (so
>> that
>> >> he knows the passwords) and attach my database
>> >> successfully.
>> >> I'm planning to distribute a desktop application
>> with
>> >> an MSDE engine for database support and I can not
find
>> any
>> >> solution to secure the content of it.
>> >> Please help... if any of the ms guys can give me
a
>> >> suggestion. The previous version of my application
used
>> an
>> >> Access database with a workgroup file and it worked
very
>> >> well, but now I can't find something to prevent
someone
>> to
>> >> copy the database without detaching it and browsing
the
>> >> content.
>> >>
>> >> Regards,
>> >> Andrei B.
>> >>
>> >
>> >
>> >.
>> >
>
>
>.
>

Relevant Pages

  • Re: MSDE Encryption?
    ... there's no built in encryption. ... Any suggestions on securing the msde files on a laptop? ... My thinking is that if someone stole the laptop they could access the files ... >> msde with a central sql server. ...
    (microsoft.public.sqlserver.msde)
  • Re: Protocol encryption
    ... > MSDE? ... but I don't know how to install certificate in MSDE) ... article about setting a SSL encryption... ... Andrea Montanari (Microsoft MVP - SQL Server) ...
    (microsoft.public.sqlserver.msde)
  • encryption, problem getting set up
    ... Using MSDE 2000 with Service Pack 3. ... I am trying to set up encryption on a machine. ... In SQL Server Client Network Utility, ... protocol encryption (enabled protocols are TCP/ID & Named ...
    (microsoft.public.sqlserver.server)
  • Re: SQL or Access DB
    ... As far as encryption goes though... ... with Sql Server you can use SQL DMO and encrypt your stored procedures ... installation - Security was absolutely critical and in most instances, ... > then we create a nice gui around this database and sell it to automotive ...
    (microsoft.public.dotnet.languages.vb)
  • RE: MSDE, Access, SharePoint... I am not sure where to ask this qu
    ... 1.>> What is the difference between MSDE and WMSDE? ... MSDE that is targeted for use by Windows components only. ... isn't SQL Server Express replacing MSDE and WMSDE? ... Microsoft CSS Online Newsgroup Support ...
    (microsoft.public.windows.server.sbs)