Re: Password Protect SQL SERVER

From: J André Labuschagné (technical_at_eduadmin.com)
Date: 04/18/04


Date: Sun, 18 Apr 2004 22:45:21 +0200

It is a serious weakness in MSSQL. There is no answer as far as we know.

"Andrew J. Kelly" <sqlmvpnooospam@shadhawk.com> wrote in message
news:u25zg#16DHA.2472@TK2MSFTNGP10.phx.gbl...
> By default there is a local NT admin account that is also sa. If they log
> on to their box as the local admin they are essentially sa. You can
remove
> that account but that won't really stop someone from getting at it if they
> want and have rights to the physical machine. The real answer here has
> always been to make sure you have a good copywrite, NDA etc to cover this
> area. There are some 3rd party tools to encrypt the db but it can be a
real
> hassle and in the long run I am not sure how effective it is. Take a look
> on google for past posts regarding encryption and sql server for more
> details.
>
> --
>
> Andrew J. Kelly
> SQL Server MVP
>
>
> <anonymous@discussions.microsoft.com> wrote in message
> news:a63401c3eb5b$e253f450$a601280a@phx.gbl...
> > We are the sa. We give to the customer MSDE with an added
> > user in the user table which will let them get to the
> > application if a valid user.
> >
> > If they plan on buying sql server on thir own and putting
> > in our database is their a way we can stop them from
> > reading the database and egtting to its structure by
> > password protecting the database on the msde or by
> > encrypting the database.
> >
> >
> > >-----Original Message-----
> > >If they own the server and are sa then you can't. sa
> > can see or do
> > >everything on the server.
> > >
> > >--
> > >
> > >Andrew J. Kelly
> > >SQL Server MVP
> > >
> > >
> > >"HP" <anonymous@discussions.microsoft.com> wrote in
> > message
> > >news:a26901c3eb2c$e9d5d7e0$a601280a@phx.gbl...
> > >> We have a database that we distribute for our
> > application
> > >> to customers. We add users to a user table to allow
> > >> access to the web application only. How can I protect
> > the
> > >> database with a secret password that only we know and
> > the
> > >> customer can only access the data and use the database
> > >> but cannot get to the database using EM or Query
> > Analyser
> > >> unless he knwos the password.
> > >>
> > >> Help is appreciated.
> > >>
> > >> I am new to all this so if some one could please guide
> > me
> > >> to the right direction.
> > >>
> > >> Thansk a lot.
> > >
> > >
> > >.
> > >
>
>