Re: Encrypting data in SQL 2005

If the admin really want to see your data there not a lot you can do about
it. The admin doesn't have to know the password because he can change it.
One of the SQL devs discusses this in his blog:
http://blogs.msdn.com/lcris/archive/2005/12/20/506187.aspx If you think
about it, you don't want to be able to block the admin. What if a
disgruntled employee decided to change a password only he could change and
you lost access to all the payroll data in the database? The best way to
limit access is to make sure you limit admin rights to people you can trust
because ultimately you have to trust somebody with the passwords. If you
decide only your CEO should have that power, I give you Enron. The only way
I can think of to block an administrator is to do the encryption and
decryption in your application so the admin has no access to the key.

--
This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

"Jim Youmans" <jdyoumans@xxxxxxxxx> wrote in message
news:1147959831.765199.107920@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
I had read that but it does not answer the question of how to protect
the password. I don't want to code it into my stored procedure becase
then someone (a developer or DBA) would be able to look at the code and
then see it.

What I need is a suggestion for a system that allows the application to
get to the password but have that access to the password limited to the
app and the security group that put it on the box.

Any thoughts??

Thanks!

Jim



.

Relevant Pages

  • Re: Handling Sysads resignation/termination
    ... the admin is out-- what is the ... your HR department and your firm's Attorneys ... You can't protect yourself against the actions of one in a trusted position ... the breech of trust has taken place. ...
    (Pen-Test)
  • Re: Child Domain Setup Quiestion
    ... The trust created is Bidirection, Implecit, Transitive trust between domains ... There are three levels of Administration in a windows 2003 based ... 1] Enterprise Admin - have admin previlages to all the domains in the forest. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Running VSTO on Terminal Server
    ... The solution is that although the Configuration tool appears to be working ... I had a net admin make the change to ... Microsoft.Web.Services.dll and again I was unable to establish trust for the ... > I also added a full trust policy at the level of the VS projects directory ...
    (microsoft.public.vsnet.vstools.office)
  • Re: software to control domain administrators
    ... "If I can't trust my admin he/she shouldn't be one" is an archaic school ... enterprise administrators are less and less common in favor of dividing ...
    (Security-Basics)
  • Re: ? about google toolbar
    ... Chuck,,THanks for your help-Yes I do trust ... >>install it but would not allow it. ... >Can you trust your daughter? ... running an admin ...
    (microsoft.public.security)