Re: SQL 2005 express security issue
- From: "stm" <stm@xxxxxxx>
- Date: Sun, 3 Feb 2008 00:53:42 +0800
Back to the age of using Access, I can set password and control remote user access.
Change to SQL Express eventually step backward..............I have a little regret on my choice!!
"Russell Fields" <russellfields@xxxxxxxxxx> 在郵件 news:eO7R7TPZIHA.4208@xxxxxxxxxxxxxxxxxxxx 中撰寫...
A system administrator such as 'sa' or any other login granted the sysadmin role can read anything on the server. At a remote location where you do not control the rights granted on the server, there is nothing you can do about this.
If your application and the remote user log in with accounts that are not sysadmins then you can protect databases, tables, stored procedures, etc.
However, within a database there are other roles that, if granted, give sweeping rights. In a database the db_owner role is like a sysadmin for one database. It can see and do anything in that database.
To understand what is revealed and to whom here is a write-up from SQL 2000:
There are a few more roles now in 2005 and things are changing some, since these roles are a concatenation of several rights that can be individually granted:
http://technet.microsoft.com/en-us/library/ms175892.aspx - fixed server roles http://technet.microsoft.com/en-us/library/ms189612.aspx - fixed database roles
"stm" <stm@xxxxxxx> wrote in message news:eTjdSHPZIHA.1184@xxxxxxxxxxxxxxxxxxxxxxxHi,
We just revamp our application from Access to use SQL Express 2005 as database engine, which is a standalone application running on client PC.
I'm now simulating the scenario when I deploy the DB to client, how can I protect the database (or some tables) from being read by them?
Since this application will distribute to client PC, which is out of our control, so we must choose SQL authentication.
What I got is, when I setup a SQL express in a new machine, and attach the database I want to protect, login as 'sa', I can read everything inside, no matter what & how I set.
Is it true that I can't protect database/table in SQL authentication mode?
- Prev by Date: Re: How to implement Windows Authentication?
- Next by Date: Re: SQL 2005 express security issue
- Previous by thread: Re: SQL 2005 express security issue
- Next by thread: Re: SQL 2005 express security issue