Re: Application concerns OVER Login

From: Andrew J. Kelly (ajkellynospam@attbi.com)
Date: 04/07/03 

From: "Andrew J. Kelly" <ajkellynospam@attbi.com>
Date: Sun, 6 Apr 2003 19:30:03 -0400

None that I know of. Basically if you give the .mdf to someone and they
have SQL Server, they can do what they want. You can encrypt the sp's,
udf's etc but the data is a different matter. Your best bet is a good
copyright policy. 

-- 
Andrew J. Kelly
SQL Server MVP
"Giacomo" <00avoidspam@solsticepoint.com> wrote in message
news:eF86egH$CHA.2368@TK2MSFTNGP10.phx.gbl...
> Andrew, BP...
>
> Creating a removable database is definitely what I have in mind.
> Is there technology available for enabling a secure disconnected database
> (sounds like a common problem - maybe just scrambling the data)?  Maybe
the
> .NET platform has something already in place?  I ran across a concept
titled
> 'code access security' but this appears web based.  I won't have the
luxury
> of a internet connection with this software in some of the more remote
> regions we go into.  Perhaps there is a method for making the software
> believe the database is on a local Intranet? (I can require that the
> computer have a minimum Windows platform of 2000).
> http://msdn.microsoft.com/msdnmag/issues/02/06/rich/default.aspx
> I'm not sure this fits my case however.  I'm grasping at straws.
>
> Giacomo
> >
> > The only thing that is stored in the database is the users not the
server
> > logins.  So if someone gets a cd with a DB on it and they have a copy of
> SQL
> > Server then most likely they can log in as sa and do what they want with
> > your db.  You basically can't stop sa from accessing your data if they
> have
> > the data files.  There is no built in protection in that manner.
> >
> >
>
>

Relevant Pages