Re: SQL 2005 express security issue
- From: "Daniel Crichton" <msnews@xxxxxxxxxxxxxxxx>
- Date: Tue, 5 Feb 2008 17:18:09 -0000
stm wrote on Wed, 6 Feb 2008 00:19:17 +0800:
but anyone can install his own SQL Express in their own machine, and
view anything.......
Only if they then get hold of the MDF and LDF files and attach them to their
instance of SQL Server - if you allow access to the underlying files then
you're at risk no matter what software you use. If they just install SQL
Express on their own machine and then connect to a different server where
your data lies they'd need to have the sa password on the remote server -
they can't just connect using the local sa login and then pull it across.
If you're really concerned about restricting access to the data, then look
into using the built-in encryption features - using these would also require
the person who gets the MDF and LDF files to also gain access to the
certificate used to encrypt/decrypt the data, and that is likely going to be
much harder.
--
Dan
.
- Follow-Ups:
- Re: SQL 2005 express security issue
- From: stm
- Re: SQL 2005 express security issue
- References:
- SQL 2005 express security issue
- From: stm
- Re: SQL 2005 express security issue
- From: Russell Fields
- Re: SQL 2005 express security issue
- From: stm
- Re: SQL 2005 express security issue
- From: Russell Fields
- Re: SQL 2005 express security issue
- From: stm
- Re: SQL 2005 express security issue
- From: Daniel Crichton
- Re: SQL 2005 express security issue
- From: stm
- SQL 2005 express security issue
- Prev by Date: Re: SQL 2005 express security issue
- Next by Date: Linked server only allow access to one database
- Previous by thread: Re: SQL 2005 express security issue
- Next by thread: Re: SQL 2005 express security issue
- Index(es):
Relevant Pages
|
