Re: ms sql server 2000 security too weak ?

From: Hernán Castelo (hhh_at_hotmail.com)
Date: 04/12/04

Next message: Egbert Nierop \(MVP for IIS\): "Re: ms sql server 2000 security too weak ?"
Previous message: Alin: "RE: SQL Server and LAN Manager Authentication Level"
In reply to: Egbert Nierop \(MVP for IIS\): "Re: ms sql server 2000 security too weak ?"
Next in thread: Egbert Nierop \(MVP for IIS\): "Re: ms sql server 2000 security too weak ?"
Reply: Egbert Nierop \(MVP for IIS\): "Re: ms sql server 2000 security too weak ?"
Reply: Andy: "Re: ms sql server 2000 security too weak ?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Mon, 12 Apr 2004 17:15:21 -0300

hi
what is necessary to do for encrypt data?

-- 
atte,
Hernán Castelo
UTN Buenos Aires
.  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .
"Egbert Nierop (MVP for IIS)" <egbert_nierop@nospam.invalid> escribió en el mensaje
news:uj3L1IFIEHA.3356@TK2MSFTNGP11.phx.gbl...
"RW" <goldbase@centrin.net.id> wrote in message
news:4079FBD2.559B@centrin.net.id...
> It seems the authority for DBA is too much to control the safety of .mdf
> , why not add an additional password or key to protect it, if someone
> copy the .mdf files and install to a new sql server service, they can
> read everything using sa facility, is it worse than ms.access ?
>
> at least ms.access still need some extra job to crack it, but the .mdf
> is too simple, just copy and read it.
>
> Especially the MSDE version in one single computer, even the hardware
> technician can duplicate and sell your important data.
>
> Anyone have solution for this security problem ?
You have a choice. Have MSDE run, on a reserved account
- NTFS security
- Data Encryption
- Also, you can store data on a raw partition, that cannot be copied so
easily.
b.t.w. there is nearly no protection against harddisk access by a
technician. You can't blame MS for that. But data encryption by the
application that uses MSDE is a solution...

Next message: Egbert Nierop \(MVP for IIS\): "Re: ms sql server 2000 security too weak ?"
Previous message: Alin: "RE: SQL Server and LAN Manager Authentication Level"
In reply to: Egbert Nierop \(MVP for IIS\): "Re: ms sql server 2000 security too weak ?"
Next in thread: Egbert Nierop \(MVP for IIS\): "Re: ms sql server 2000 security too weak ?"
Reply: Egbert Nierop \(MVP for IIS\): "Re: ms sql server 2000 security too weak ?"
Reply: Andy: "Re: ms sql server 2000 security too weak ?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: ms sql server 2000 security too weak ?
... what is necessary to do for encrypt data? ... > It seems the authority for DBA is too much to control the safety of .mdf ... > Anyone have solution for this security problem? ... Have MSDE run, on a reserved account ...
(microsoft.public.sqlserver.server)
Re: ms sql server 2000 security too weak ?
... > It seems the authority for DBA is too much to control the safety of .mdf ... > Anyone have solution for this security problem? ... Have MSDE run, on a reserved account ... But data encryption by the ...
(microsoft.public.sqlserver.server)
Re: ms sql server 2000 security too weak ?
... > It seems the authority for DBA is too much to control the safety of .mdf ... > Anyone have solution for this security problem? ... Have MSDE run, on a reserved account ... But data encryption by the ...
(microsoft.public.sqlserver.security)
Re: ms sql server 2000 security too weak ?
... >> Especially the MSDE version in one single computer, even the hardware ... Have MSDE run, on a reserved account ... Your application can encrypt data. ... .NET samples show how to do it. ...
(microsoft.public.sqlserver.security)
Re: ms sql server 2000 security too weak ?
... >> Especially the MSDE version in one single computer, even the hardware ... Have MSDE run, on a reserved account ... Your application can encrypt data. ... .NET samples show how to do it. ...
(microsoft.public.sqlserver.server)