Re: Secure a SQL-Server 2000 database.

From: Orko On (orkunon@hotmail.com)
Date: 01/21/03 

From: "Orko On" <orkunon@hotmail.com>
Date: Tue, 21 Jan 2003 21:49:30 +0200

hi,
i am very confused about this security thing.

if you write a program and install it to customer. trusting to administrator
is not a issue.
at least a database must have a password. even Access has.
it is not calming that a curious customer can bypass your program and change
a value directly in database.
i write a lot of emails about this and i feel that this is a serious
problem.

Thanks
Orko

"Mary Chipman" <mchip@nomail.please> wrote in message
news:lvrq2vgchj66ro5cbggcm6nbtv48tajklt@4ax.com...
> >I find it strange that Microsoft don't have any solution for this.
> >Even SQL-Anywhere from Sybase or Pervasive.SQL have better security
> >than this.
>
> Not really. If someone is an administrator, then they can do anything.
> The assumption is that the administrator is trusted, and if you can't
> trust an administrator, then you're doomed. Are you saying you can
> protect a database on SQL Anywhere or Sybase from a system
> administrator? I don't think so.
>
> This is a difficult problem that has more to do social engineering and
> less to do with technical solutions. Basically, there is no technology
> that exists that can provide perfect security that meets every need,
> and there never will be. Fact of life--get over it. "Better security"
> is a purely subjective term, and utterly meaningless since the needs
> of different applications vary so widely.
>
> -- Mary
> MCW Technologies
> http://www.mcwtech.com
>

Relevant Pages