Re: Protecting database structure

Hello Paulo,

Thank you for using Microsoft MSDN newsgroup!

I understand that you 'd like to protect data schema from client
applications. If I'm off-base, please let me know.

As Uri mentioned, you could use Stored Procs/Views etc to hide underlying
tables.

However, if you are trying to hide certain pieces or portions of data, you
can use the new encryption support that comes out of the box in SQL server
2005. If you root the key management at the application then the admin of
SQL server will only see encrypted data. However, since the actual
encryption and decryption is happening on the server, anyone with debugger
privileges or box admin privileges will be able to see the data.

You could use EFS to encrypt the entire database file but that has
performance implications. My recommendation would be to encrypt the
portions of data you cosider sensitive and root key management at the
application.

Also, you could do what SAP and other ERP vendors do: obfuscate the schema
with non-human-readable metadata, which only _their_ application can alias
for the end user.

Actually, we've received some requirements from partners to lock down
database schema from end users/SQL admin and this feature might be take
into consideration in next version of SQL Server.

If anything is unclear or you have further concerns, please feel free to
let us know. Thanks.

Best Regards,

Peter Yang
MCSE2000/2003, MCSA, MCDBA
Microsoft Online Partner Support

When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.

=====================================================

Business-Critical Phone Support (BCPS) provides you with technical phone
support at no charge during critical LAN outages or "business down"
situations. This benefit is available 24 hours a day, 7 days a week to all
Microsoft technology partners in the United States and Canada.

This and other support options are available here:

BCPS:
https://partner.microsoft.com/US/technicalsupport/supportoverview/40010469

Others: https://partner.microsoft.com/US/technicalsupport/supportoverview/

If you are outside the United States, please visit our International
Support page:
http://support.microsoft.com/default.aspx?scid=%2finternational.aspx.

=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.


.

Relevant Pages

  • Re: how to get functions from stored procedures
    ... schemas and a bitmask of the supported restrictions for each schema. ... In the SQL Server case you may ... Providers are not required to support ... >> You don't say which OLEDB provider you are using here, ...
    (microsoft.public.data.oledb)
  • RE: Migrating DTS to Integration Services
    ... You wanted find some how-to articles on DTS upgrading to SSIS. ... Encryption not supported on SQL Server. ... SQL Server 2005 Integration Services, Part 1: ... Microsoft Online Community Support ...
    (microsoft.public.sqlserver.dts)
  • Re: sql 2005 schema as the default schema.
    ... alter user foo with default_schema=bar ... Jasper Smith (SQL Server MVP) ... I support PASS - the definitive, ... > instead of me having to prefix tablename with schema name in the query. ...
    (microsoft.public.sqlserver.clients)
  • Re: How to i hide my database schema from...
    ... I assume that you want the data encrypted in the database. ... If you mean the files themselves, an alternative is to use NTFS encryption ... > Even sa should not be able to access the schema. ... > Also are there anyways encrypt data in sql server 2000 ...
    (microsoft.public.sqlserver.server)
  • Re: Encrypt connection channel
    ... Jasper Smith (SQL Server MVP) ... Encrypt the connection string that is used to make a connection, ... Does ADO.Net and SQL Server support this feature? ... Encryption of sensitive sensitive query data that is exchanged between ...
    (microsoft.public.sqlserver.security)