Re: Protecting database from administrators
From: Neil Pike (neilpike_at_compuserve.com)
Date: 04/27/04
Date: Tue, 27 Apr 2004 09:14:12 GMT
Andre,
> In transit means legally or illegally. If the DB is removed illegally and
> there is no encryption while at rest it must still be secure. We do not
> want to use separate encryption utilities to achieve this. These should be
> part of the DB itself.
It would certainly be nice if SQL Server provided more encryption facilities,
but not many people would use them. Oracle and DB/2 have a level of encryption
facilities, but I've not seen them actually used anywhere yet! (Note that's
just my own experience). Almost all the "proper" encryption I've seen done
with DBMSs so far has been done at the application level, often in
conjunction with a hardware encryption card, to encrypt/decrypt sensitive data
fields outside the control of the dbms.
> It is very clear that you are unaware of DBMS that
> are not linked to OS security.
Please enlighten us all then - this is a forum for sharing information.
> All the security MS has offered is weak.
> Let us take one simple example. You refer to EFS. This is only applicable
> if the DB is lying on an NTFS segment. If it is attached to SQL Server on
> FAT32 (e.g. Windows 98) the security is removed as FAT32 does not support
> EFS.
Quite correct. EFS is one possible option worth considering when looking at a
secure solution. There's no "magic" answer that fits all requirements. If
there was then there would only be one dbms product out there and one "security
solution".
> We have solved our problem by not using MSSQL. We have connected with
> other vendors that supply SQL technology that meets our requirements and is
> not dependent on the OS at all. I suggest you do some more research on this
> matter. We have been digging around for well on one year now - specifically
> on the security aspects. A cursory bit of research on your part is all that
> is required. It is unethical to mention other vendors on this forum so we
> will refrain from doing so.
Unethical? In what way? Anyone here is perfectly free to discuss the pros
and cons of any and all DBMSs. Obviously the majority of people here use SQL
Server, but most people work in multi-vendor environments using many products
and technologies. Any and all opinions are always welcome. Hard facts are
even more welcome.
Why not share the research you've done by letting us know what product(s)
you've used, what the security features are, and how these compare to what
other products, such as Oracle, DB/2, SQL Server, Sybase and anything else,
offer.
Neil Pike MVP/MCSE. Protech Computing Ltd
Reply here - no email
SQL FAQ (484 entries) see
http://forumsb.compuserve.com/gvforums/UK/default.asp?SRV=MSDevApps
(faqxxx.zip in lib 7)
or www.ntfaq.com/Articles/Index.cfm?DepartmentID=800
or www.sqlserverfaq.com
or www.mssqlserver.com/faq