Re: Protecting database from administrators
From: ZSL (inzaneleo_at_yahoo.com.au)
Date: 03/27/04
- Previous message: Hari Prasad: "Re: Protecting database from administrators"
- In reply to: Hari Prasad: "Re: Protecting database from administrators"
- Next in thread: Hari Prasad: "Re: Protecting database from administrators"
- Reply: Hari Prasad: "Re: Protecting database from administrators"
- Reply: Stephen Strong: "Re: Protecting database from administrators"
- Reply: Mark Allison: "Re: Protecting database from administrators"
- Reply: Mike B.: "Re: Protecting database from administrators"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sun, 28 Mar 2004 06:41:18 +1000
Hari
This is surely a weakness of MS-SQL. Take two instances:
1. Database architecture, design and implementation is a valuable asset.
Commercially, a developer, me included, would need to protect the asset.
This allows anyone to get access to and use/change the data dictionary.
2. Databases with sensitive information - for example patient medical
information - will be exposed to anyone who cares to gain access. This is
very important where an application/database is for wide distribution.
Again, for example, clinical systems for general use by doctors but
maintained by non-clinical personnel
Many other issues/situations can be described.....
Encrypting data is not sufficient. In any event the added overhead of
encrypted data is a potentially unnecessary overhead.
Are there any third-party tools that will allow the whole data dictionary
for a database to be locked up?
Are there any plans by MS to resolve this issue?
ZSL
"Hari Prasad" <hari_prasad_k@hotmail.com> wrote in message
news:OVnh2hCFEHA.1128@TK2MSFTNGP11.phx.gbl...
> Hi,
>
> You can't restrict the OS administrators fully, because they have full
> rights on all folders and registry keys inwhich SQL server resides.
> But, you can restrict them to an extend by removing "System Admin" role
from
> BUILTIN/ADMINISTRATORS account.
>
>
> " I had problems in the below when I removed "Syadmin role" from
> BuildIN/Administrators. So I have given back the sysadmin role to solve
the
> issue.
> 1. FULL Text Indexing
>
> 2. Maintenance Plans
>
> So do a test in test server for couple of weeks and then implement in
> Production server.
>
> Known issues after removal ,
>
> Some things to be aware of:
>
> Q237604 PRB: SQL Server Agent Does Not Start and Displays Error 18456
> Q295034 FIX: MSSearch Takes 100% CPU if BUILTIN\Administrators Removed
> Q317746 PRB: SQL Server Full-Text Search Does Not Populate Catalogs "
>
> Thanks
> Hari
> MCDBA
>
>
>
>
>
>
> Thanks
> Hari
> MCDBA
>
> "Lucio" <anonymous@discussions.microsoft.com> wrote in message
> news:15BE41F9-B847-4BDC-9682-028EB0D82E77@microsoft.com...
> > I have to install a database on my customer's site,
> > how can i protect it from a system administrator into a site where i'm
not
> an administrator?
>
>
- Previous message: Hari Prasad: "Re: Protecting database from administrators"
- In reply to: Hari Prasad: "Re: Protecting database from administrators"
- Next in thread: Hari Prasad: "Re: Protecting database from administrators"
- Reply: Hari Prasad: "Re: Protecting database from administrators"
- Reply: Stephen Strong: "Re: Protecting database from administrators"
- Reply: Mark Allison: "Re: Protecting database from administrators"
- Reply: Mike B.: "Re: Protecting database from administrators"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
