Re: SQL 2005 express security issue



Back in the days of using Access, I could set a password and control remote user access.
Changing to SQL Express turned out to be a step backward... I have a little regret about my choice!!


"Russell Fields" <russellfields@xxxxxxxxxx> wrote in message news:eO7R7TPZIHA.4208@xxxxxxxxxxxxxxxxxxxx ...
stm,

A system administrator such as 'sa' or any other login granted the sysadmin role can read anything on the server. At a remote location where you do not control the rights granted on the server, there is nothing you can do about this.

If your application and the remote user log in with accounts that are not sysadmins then you can protect databases, tables, stored procedures, etc.

However, within a database there are other roles that, if granted, give sweeping rights. In a database the db_owner role is like a sysadmin for one database. It can see and do anything in that database.

To understand what is revealed and to whom, here is a write-up from SQL 2000:
http://www.microsoft.com/technet/prodtechnol/sql/2000/reskit/part3/c1061.mspx?mfr=true

There are a few more roles now in 2005 and things are changing some, since these roles are a concatenation of several rights that can be individually granted:
http://technet.microsoft.com/en-us/library/ms175892.aspx - fixed server roles
http://technet.microsoft.com/en-us/library/ms189612.aspx - fixed database roles

RLF

"stm" <stm@xxxxxxx> wrote in message news:eTjdSHPZIHA.1184@xxxxxxxxxxxxxxxxxxxxxxx
Hi,

We just revamped our application from Access to use SQL Express 2005 as the database engine; it is a standalone application running on the client PC.

I'm now simulating the scenario where I deploy the DB to the client. How can I protect the database (or some tables) from being read by them?

Since this application will be distributed to client PCs, which are out of our control, we must choose SQL authentication.

What I found is that when I set up SQL Express on a new machine, attach the database I want to protect, and log in as 'sa', I can read everything inside, no matter what and how I set.

Is it true that I can't protect a database/table in SQL authentication mode?

Please help.
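
The following T-SQL is an added example, not part of the original thread. It illustrates the reply's point that a login which is neither sysadmin nor db_owner can be kept away from tables, and it lists who holds those two roles. The names AppDb, dbo.Customer, dbo.GetCustomerName and app_user are hypothetical, and the password is a placeholder.

```sql
-- Added example. AppDb, dbo.Customer, dbo.GetCustomerName and app_user
-- are hypothetical names; the password below is a placeholder.
CREATE DATABASE AppDb;
GO
CREATE LOGIN app_user WITH PASSWORD = '<replace-with-strong-password>';
GO
USE AppDb;
GO
CREATE TABLE dbo.Customer (Id int PRIMARY KEY, Name nvarchar(100));
CREATE USER app_user FOR LOGIN app_user;  -- no role membership, so not db_owner
GO
-- The procedure and the table are both owned by dbo, so callers of the
-- procedure do not need SELECT permission on the table itself.
CREATE PROCEDURE dbo.GetCustomerName @Id int
AS
    SELECT Name FROM dbo.Customer WHERE Id = @Id;
GO
GRANT EXECUTE ON OBJECT::dbo.GetCustomerName TO app_user;
GO
-- Check the effective rights while impersonating the low-privilege user.
EXECUTE AS USER = 'app_user';
SELECT IS_SRVROLEMEMBER('sysadmin') AS is_sysadmin,
       IS_MEMBER('db_owner')        AS is_db_owner,
       HAS_PERMS_BY_NAME('dbo.Customer', 'OBJECT', 'SELECT')         AS can_select_table,
       HAS_PERMS_BY_NAME('dbo.GetCustomerName', 'OBJECT', 'EXECUTE') AS can_exec_proc;
REVERT;
GO
-- Audit: every login in the sysadmin role can read anything on the server.
SELECT m.name AS sysadmin_member
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = 'sysadmin';
-- Audit: every user in db_owner can see and do anything in this database.
SELECT m.name AS db_owner_member
FROM sys.database_role_members AS rm
JOIN sys.database_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.database_principals AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = 'db_owner';
```

None of this restricts a sysadmin on the same instance, which is the case the reply says cannot be controlled on a machine you do not administer.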
