Re: Password Protect SQL SERVER

From: Andrew J. Kelly (
Date: 02/04/04

Date: Wed, 4 Feb 2004 15:44:03 -0500

By default there is a local NT admin account that is also sa. If they log
on to their box as the local admin they are essentially sa. You can remove
that account but that won't really stop someone from getting at it if they
want and have rights to the physical machine. The real answer here has
always been to make sure you have a good copywrite, NDA etc to cover this
area. There are some 3rd party tools to encrypt the db but it can be a real
hassle and in the long run I am not sure how effective it is. Take a look
on google for past posts regarding encryption and sql server for more

Andrew J. Kelly
SQL Server MVP
<> wrote in message
> We are the sa. We give to the customer MSDE with an added
> user in the user table which will let them get to the
> application if a valid user.
> If they plan on buying sql server on thir own and putting
> in our database is their a way we can stop them from
> reading the database and egtting to its structure by
> password protecting the database on the msde or by
> encrypting the database.
> >-----Original Message-----
> >If they own the server and are sa then you can't.  sa
> can see or do
> >everything on the server.
> >
> >-- 
> >
> >Andrew J. Kelly
> >SQL Server MVP
> >
> >
> >"HP" <> wrote in
> message
> >news:a26901c3eb2c$e9d5d7e0$a601280a@phx.gbl...
> >> We have a database that we distribute for our
> application
> >> to customers. We add users to a user table to allow
> >> access to the web application only. How can I protect
> the
> >> database with a secret password that only we know and
> the
> >> customer can only access the data and use the database
> >> but cannot get to the database using EM or Query
> Analyser
> >> unless he knwos the password.
> >>
> >> Help is appreciated.
> >>
> >> I am new to all this so if some one could please guide
> me
> >> to the right direction.
> >>
> >> Thansk a lot.
> >
> >
> >.
> >