Re: ms sql server 2000 security too weak ?

From: Egbert Nierop \(MVP for IIS\) (egbert_nierop_at_nospam.invalid)
Date: 04/12/04


Date: Mon, 12 Apr 2004 07:51:08 +0200


"RW" <goldbase@centrin.net.id> wrote in message
news:4079FBD2.559B@centrin.net.id...
> It seems the authority for DBA is too much to control the safety of .mdf
> , why not add an additional password or key to protect it, if someone
> copy the .mdf files and install to a new sql server service, they can
> read everything using sa facility, is it worse than ms.access ?
>
> at least ms.access still need some extra job to crack it, but the .mdf
> is too simple, just copy and read it.
>
> Especially the MSDE version in one single computer, even the hardware
> technician can duplicate and sell your important data.
>
> Anyone have solution for this security problem ?

You have a choice. Have MSDE run, on a reserved account
- NTFS security
- Data Encryption
- Also, you can store data on a raw partition, that cannot be copied so
easily.

b.t.w. there is nearly no protection against harddisk access by a
technician. You can't blame MS for that. But data encryption by the
application that uses MSDE is a solution...



Relevant Pages

  • Re: ms sql server 2000 security too weak ?
    ... > It seems the authority for DBA is too much to control the safety of .mdf ... > Anyone have solution for this security problem? ... Have MSDE run, on a reserved account ... But data encryption by the ...
    (microsoft.public.sqlserver.server)
  • Re: ms sql server 2000 security too weak ?
    ... what is necessary to do for encrypt data? ... > It seems the authority for DBA is too much to control the safety of .mdf ... > Anyone have solution for this security problem? ... Have MSDE run, on a reserved account ...
    (microsoft.public.sqlserver.security)
  • Re: ms sql server 2000 security too weak ?
    ... what is necessary to do for encrypt data? ... > It seems the authority for DBA is too much to control the safety of .mdf ... > Anyone have solution for this security problem? ... Have MSDE run, on a reserved account ...
    (microsoft.public.sqlserver.server)
  • MSDE security (still confused!!!)
    ... I am distributing my application which includes MSDE 2000. ... attaches .MDF and .LDF files once instance of MSDE 2000 is installed on the ... Administrator, ran my Setup program to install MSDE, attach .MDF and .LDF, ...
    (microsoft.public.sqlserver.msde)