Re: Secure a SQL-Server 2000 database.

From: Ingar Eide (ingar@eide.gs)
Date: 01/23/03 

From: ingar@eide.gs (Ingar Eide)
Date: 23 Jan 2003 00:04:01 -0800

Mary Chipman <mchip@nomail.please> wrote in message news:<d4au2v4ntkrg0n1pf3nrl9u1v3thsc0lq0@4ax.com>...
> >Yes, if they is an administrator they can do anything. But SQL
> >Anywhere does not have any logins to the server, they log in to the DB
> >instead, and the users/logins are stored in the DB instead of the
> >server.
>
> And what makes you think this is secure? I don't even know SQL
> Anywhere, and I'd be willing to bet almost any amount of money that
> whatever encryption algorithm used on these logins/passwords has
> already been cracked. If an attacker has physical access to a file,
> any file, you have no security at all if that person is sufficiently
> motivated and has the right knowledge/tools.
>

I'm sure everything can be or has been cracked, but I feel that with
SQLServer, there is nothing I can do to protect my data/structure if I
don't have control over the machine. The DB is "complete open".
If the logins were in the DB instead of the SQLserver, there was at
least a chance to protect the DB.

I hope Microsoft will come up with a better solution for us that use
SQLserver for applications who is ment for mass distribution where we
don't have control over the DBserver (machine).

But as you say, if a person has the file and is motivated to crack it
he can do that.

So all in all, I think we have to write something about it in the
license agreement.

-Ingar.

Relevant Pages

  • Re: Secure a SQL-Server 2000 database.
    ... Look at the SQL encryption product there. ... > SQLServer, there is nothing I can do to protect my data/structure if I ... > don't have control over the DBserver. ...
    (microsoft.public.sqlserver.security)
  • RE: SQL SERVER 2000 Integraion
    ... It will integrate with stored procedures. ... how it can provide version control for user defined functions. ... > control on my Store Procedures in SQL 2000? ... > SQLSERVER? ...
    (microsoft.public.vstudio.sourcesafe)
  • Re: object level permissions being lost when migrating
    ... I am talking about SQL Logins, ... can go to the object and see that user X has permissions XYZ on that object, ... I then restored the databases and re-synched the users via the ...
    (microsoft.public.sqlserver.security)
  • Re: object level permissions being lost when migrating
    ... Just want to confirm that you are talking about SQL Logins and not windows Logins correct? ... As far as I know the compatibility level should not be an issue one way or the other but exactly how are you looking at the permissions? ... I first transferred the logins from the 2000 server to the 2005 server via ...
    (microsoft.public.sqlserver.security)
  • Re: Logging in irrespective of database access
    ... Try connecting using Query Analyzer with one of the problem logins and run ... the following in the context of your demodata and accounts databases: ... This will return the security context used to access the database. ... SQL Server MVP ...
    (microsoft.public.sqlserver.server)