Re: Protecting database from administrators

From: Hari Prasad (hari_prasad_k_at_hotmail.com)
Date: 03/28/04


Date: Sun, 28 Mar 2004 08:27:20 +0530

Hi,

I doubt the first 2 points, because SQL Server is a thread running above the
Windows operating system, so it is very difficult to fully control data
access from OS administrators.

Data encryption:

There is nothing in SQL Server to do the data encryption. You may write code
to encrypt the
data on your own.

Have a look at the site below for encryption tools:

www.sqlsecurity.com

Thanks
Hari
MCDBA

"ZSL" <inzaneleo@yahoo.com.au> wrote in message
news:uwY2cvDFEHA.3576@tk2msftngp13.phx.gbl...
> Hari
>
> This is surely a weakness of MS-SQL. Take two instances:
>
> 1. Database architecture, design and implementation is a valuable asset.
> Commercially, a developer, me included, would need to protect the asset.
> This allows anyone to get access to and use/change the data dictionary.
>
> 2. Databases with sensitive information - for example patient medical
> information - will be exposed to anyone who cares to gain access. This is
> very important where an application/database is for wide distribution.
> Again, for example, clinical systems for general use by doctors but
> maintained by non-clinical personnel.
>
> Many other issues/situations can be described.....
>
> Encrypting data is not sufficient. In any event the added overhead of
> encrypted data is a potentially unnecessary overhead.
>
> Are there any third-party tools that will allow the whole data dictionary
> for a database to be locked up?
>
> Are there any plans by MS to resolve this issue?
>
> ZSL
>
> "Hari Prasad" <hari_prasad_k@hotmail.com> wrote in message
> news:OVnh2hCFEHA.1128@TK2MSFTNGP11.phx.gbl...
> > Hi,
> >
> > You can't restrict the OS administrators fully, because they have full
> > rights on all folders and registry keys in which SQL Server resides.
> > But you can restrict them to an extent by removing the "System Admin"
> > role from the BUILTIN/ADMINISTRATORS account.
> >
> >
> > "I had problems with the below when I removed the "sysadmin" role from
> > BUILTIN/Administrators. So I have given back the sysadmin role to solve
> > the issue.
> > 1. FULL Text Indexing
> >
> > 2. Maintenance Plans
> >
> > So do a test on a test server for a couple of weeks and then implement
> > on the production server.
> >
> > Known issues after removal:
> >
> > Some things to be aware of:
> >
> > Q237604 PRB: SQL Server Agent Does Not Start and Displays Error 18456
> > Q295034 FIX: MSSearch Takes 100% CPU if BUILTIN\Administrators Removed
> > Q317746 PRB: SQL Server Full-Text Search Does Not Populate Catalogs "
> >
> > Thanks
> > Hari
> > MCDBA
> >
> > Thanks
> > Hari
> > MCDBA
> >
> > "Lucio" <anonymous@discussions.microsoft.com> wrote in message
> > news:15BE41F9-B847-4BDC-9682-028EB0D82E77@microsoft.com...
> > > I have to install a database on my customer's site.
> > > How can I protect it from a system administrator at a site where I'm
> > > not an administrator?
> >
> >
>
>
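
The role change described in the quoted reply above, as an added T-SQL example that is not part of the original thread. It uses the SQL Server 2000-era system procedures; `EXAMPLE\SqlDbaGroup` and `EXAMPLE\SqlSvc` are hypothetical names for a dedicated DBA group and the account the SQL Server, Agent and search services run under, and granting them sysadmin first is an assumption about how to avoid the service failures listed in the reply.

```sql
-- Added example, not from the thread. Run on a test server first.
-- Hypothetical names: EXAMPLE\SqlDbaGroup, EXAMPLE\SqlSvc.
USE master
GO

-- 1. Record the current sysadmin members so the change can be reversed.
EXEC sp_helpsrvrolemember 'sysadmin'
GO

-- 2. Put the replacement sysadmin logins in place BEFORE removing anything.
IF NOT EXISTS (SELECT 1 FROM master.dbo.syslogins
               WHERE loginname = N'EXAMPLE\SqlDbaGroup')
    EXEC sp_grantlogin N'EXAMPLE\SqlDbaGroup'
EXEC sp_addsrvrolemember N'EXAMPLE\SqlDbaGroup', 'sysadmin'

IF NOT EXISTS (SELECT 1 FROM master.dbo.syslogins
               WHERE loginname = N'EXAMPLE\SqlSvc')
    EXEC sp_grantlogin N'EXAMPLE\SqlSvc'
EXEC sp_addsrvrolemember N'EXAMPLE\SqlSvc', 'sysadmin'
GO

-- 3. Drop the role from BUILTIN\Administrators only if both replacements
--    really hold sysadmin; otherwise stop so nobody is locked out.
IF EXISTS (SELECT 1 FROM master.dbo.syslogins
           WHERE loginname = N'EXAMPLE\SqlDbaGroup' AND sysadmin = 1)
   AND EXISTS (SELECT 1 FROM master.dbo.syslogins
               WHERE loginname = N'EXAMPLE\SqlSvc' AND sysadmin = 1)
    EXEC sp_dropsrvrolemember N'BUILTIN\Administrators', 'sysadmin'
ELSE
    RAISERROR('Replacement sysadmin logins missing; nothing removed.', 16, 1)
GO

-- 4. Verify: BUILTIN\Administrators should no longer appear in this list.
SELECT loginname, isntgroup
FROM master.dbo.syslogins
WHERE sysadmin = 1
GO

-- Rollback, if full-text indexing, maintenance plans or SQL Server Agent
-- stop working during the test period:
-- EXEC sp_addsrvrolemember N'BUILTIN\Administrators', 'sysadmin'
```

This only changes what local administrators can do through a SQL Server login; their rights on the folders and registry keys where SQL Server resides are unchanged.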


