Re: Security Configuration Advice
- From: "Roger Abell [MVP]" <mvpNoSpam@xxxxxxx>
- Date: Tue, 20 Dec 2005 07:03:55 -0700
First, note that "network admin"s do not need to be SQL admins,
and in most cases should not be.

Without SQL "sa", the accounts will only have access in SQL
as is configured within SQL for the database.

The application should be encrypting (with seeding) the fields in its
table(s) that contain sensitive information.

The data should be traveling with encryption as can be configured
in the SQL client and server networking.

If the application allows for configuring access control (as to what
accounts may use the application) then that control should be used
effectively. Whether the application accesses data as the user or by
use of an application role will control the extent of exposure posed
by the application itself depending on how it does or does not control
access. Nevertheless you could exert some (imperfect against network
admins) control over access to the application executable in normal
NTFS manner.

"DavidW" <DavidW@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:897F8148-7379-4C81-9AED-336E32FC5B65@xxxxxxxxxxxxxxxx
> We have an application that stores sensitive information in a SQL Server
> 2000 database. Windows authentication is used for access to the application
> and database. We are concerned that staff with network admin rights will be
> able to access the application and are looking for security configurations
> that will prevent such access. We have also implemented AD on our servers.
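
The following T-SQL sketch is an added example, not part of the original message. It shows the application-role arrangement the reply mentions on SQL Server 2000, together with a check of who actually holds sysadmin. The database, table, Windows group and role names and the password are placeholders assumed for illustration.

```sql
-- Added example for SQL Server 2000. All object names below are
-- hypothetical placeholders: SensitiveDb, dbo.ClientRecords,
-- CORP\AppUsers, SensitiveApp.

-- 1. See who is a SQL admin. On a default SQL Server 2000 install the
--    local BUILTIN\Administrators group is a member of sysadmin, so
--    Windows administrators of the server are SQL admins too.
EXEC sp_helpsrvrolemember 'sysadmin'

-- Remove that membership only after confirming that a dedicated DBA
-- login is already in sysadmin and that the service accounts do not
-- depend on it.
EXEC sp_dropsrvrolemember 'BUILTIN\Administrators', 'sysadmin'
GO

USE SensitiveDb
GO

-- 2. Users still connect with Windows authentication, but their own
--    accounts are given no rights on the sensitive table.
EXEC sp_grantlogin 'CORP\AppUsers'
EXEC sp_grantdbaccess 'CORP\AppUsers', 'AppUsers'
REVOKE ALL ON dbo.ClientRecords FROM public
GO

-- 3. Only the application role holds the table permissions.
EXEC sp_addapprole 'SensitiveApp', '<app-role-password-placeholder>'
GRANT SELECT, INSERT, UPDATE ON dbo.ClientRecords TO SensitiveApp
GO

-- 4. The application runs this on each new connection. From then on
--    the connection carries the role's permissions instead of the
--    user's. {Encrypt ...} is the ODBC form that obfuscates the
--    password before it is sent to the server.
EXEC sp_setapprole 'SensitiveApp',
     {Encrypt N'<app-role-password-placeholder>'}, 'odbc'
GO

-- 5. Review what the role and the user mapping can reach.
EXEC sp_helprotect NULL, 'SensitiveApp'
EXEC sp_helprotect NULL, 'AppUsers'
```

The role password has to be available to the application, so anyone who can read the executable or its configuration can activate the role from another client; that is where the NTFS restriction on the application files mentioned in the reply comes in.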