Re: Password Protect SQL SERVER

From: J André Labuschagné (technical_at_eduadmin.com)
Date: 04/18/04


Date: Sun, 18 Apr 2004 22:45:21 +0200

It is a serious weakness in MSSQL. There is no answer as far as we know.

"Andrew J. Kelly" <sqlmvpnooospam@shadhawk.com> wrote in message
news:u25zg#16DHA.2472@TK2MSFTNGP10.phx.gbl...
> By default there is a local NT admin account that is also sa. If they log
> on to their box as the local admin they are essentially sa. You can
remove
> that account but that won't really stop someone from getting at it if they
> want and have rights to the physical machine. The real answer here has
> always been to make sure you have a good copywrite, NDA etc to cover this
> area. There are some 3rd party tools to encrypt the db but it can be a
real
> hassle and in the long run I am not sure how effective it is. Take a look
> on google for past posts regarding encryption and sql server for more
> details.
>
> --
>
> Andrew J. Kelly
> SQL Server MVP
>
>
> <anonymous@discussions.microsoft.com> wrote in message
> news:a63401c3eb5b$e253f450$a601280a@phx.gbl...
> > We are the sa. We give to the customer MSDE with an added
> > user in the user table which will let them get to the
> > application if a valid user.
> >
> > If they plan on buying sql server on thir own and putting
> > in our database is their a way we can stop them from
> > reading the database and egtting to its structure by
> > password protecting the database on the msde or by
> > encrypting the database.
> >
> >
> > >-----Original Message-----
> > >If they own the server and are sa then you can't. sa
> > can see or do
> > >everything on the server.
> > >
> > >--
> > >
> > >Andrew J. Kelly
> > >SQL Server MVP
> > >
> > >
> > >"HP" <anonymous@discussions.microsoft.com> wrote in
> > message
> > >news:a26901c3eb2c$e9d5d7e0$a601280a@phx.gbl...
> > >> We have a database that we distribute for our
> > application
> > >> to customers. We add users to a user table to allow
> > >> access to the web application only. How can I protect
> > the
> > >> database with a secret password that only we know and
> > the
> > >> customer can only access the data and use the database
> > >> but cannot get to the database using EM or Query
> > Analyser
> > >> unless he knwos the password.
> > >>
> > >> Help is appreciated.
> > >>
> > >> I am new to all this so if some one could please guide
> > me
> > >> to the right direction.
> > >>
> > >> Thansk a lot.
> > >
> > >
> > >.
> > >
>
>



Relevant Pages

  • Re: Storing Connection String
    ... you can encrypt the traffic to the SQL Server. ... Hitchhiker's Guide to Visual Studio and SQL Server ... My idea is to have just one database user whose username and password ... Which means that if an user get hold of connection string ...
    (microsoft.public.dotnet.framework.adonet)
  • Re: How To Protect Backup being restoted in any others from other serv
    ... And I completely forgot about the 3:rd party utils which can encrypt along with compression on the fly. ... >> The only "security" feature provided by SQL Server is password. ... >> other servers (in case Database backup stolen from us). ...
    (microsoft.public.sqlserver.server)
  • Re: Secure data in SQL Server 2005 Mobile Edition
    ... One other thing to try is not checking the encrypt option - the database still gets encrypted if you provide a password. ... replicate this database on SQL Server Mobile Edition on a mobile device. ... and whatever the perf hit, well that's the price you pay. ...
    (microsoft.public.sqlserver.ce)
  • Re: Secure data in SQL Server 2005 Mobile Edition
    ... We have decided to go ahead with encrypted the entire database for now, ... replicate this database on SQL Server Mobile Edition on a mobile device. ... for my database connection string and checked the encrypt option. ...
    (microsoft.public.sqlserver.ce)
  • Re: Encrypting a table
    ... SQL CE database and encrypt that database. ... "glenn" wrote in message ... > using SQL Server CE? ...
    (microsoft.public.sqlserver.ce)