It should be possible to set up a role for your DBA that allows them to do basic maintenance, such as backups and restores, but does not allow them to access tables or procedures. Can't say I've done this, though.
If your DBA logs in as sa or dbo, then there is no way to hide anything that you don't encrypt yourself. DBO is database god (small g), and SA is server God (big g).
Where are you leaving your backups? Shouldn't they enjoy the same security (file system, locked cabinet for tapes, etc.) as your live database files? It's like leaving photocopies of your credit card statements around.
Did you read the article on encryption? It does provide a method of protecting your data from direct viewing, but it needs to be set up that way initially.
No, I haven't. In fact, you can probably tell just how lazy I am by the fact that I didn't read the whole article.
Though, the second sentence says: "Encryption ensures that data remains secure by keeping the information hidden from everyone, even if the encrypted data is viewed directly," I cannot find any way of actually doing this.
I am able to encrypt stored procedures and views so that their definitions are encrypted, but that doesn't help much.
In the past, I have always written an encryption routine that things such as Credit Card numbers were passed through on their way into and out of the database. .NET has an encryption class that makes that approach a lot easier, and more secure.
Sorry for being misleading there. I guess I'm the naked, following blindman around... ;-)
Err, guys... or gals... there's always ICQ or MSN for that kind of thing, I believe.
Anyway, sometimes it's not perfectly true, in the sense that most of the software developed might be for customers, and usually customers will DEMAND the rights to access everything and also to restore it.
That was the whole reason why I asked the question in the first place =)
Anyway, I am thinking of the payroll system that is currently in the development stage... I'm sure you might be a bit interested to know the pay your superior's getting...
I do understand what you are trying to accomplish. If you use your front-end application (or middleware) to perform the encryption, that would solve your data visibility problem. If you ultimately find a way for SQL to do it for you, I would love to know about it.
Also, as for blindman's idea to password protect the backups, you could let the end-users control the backup password protection. You can even implement code in your front end to perform the backup and restores.
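Added example, not part of the original thread: the application-side encryption described in the posts above, written in C# for .NET 8 or later. The `FieldCrypto` class, the storage layout (nonce, tag, ciphertext) and the row labels are assumptions made for illustration; the key is generated inline only so the program runs, and in practice it stays with the application rather than in the database.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class FieldCrypto   // hypothetical helper, not from the thread
{
    const int NonceLen = 12, TagLen = 16;   // standard AES-GCM sizes

    // Returns nonce || tag || ciphertext, suitable for a varbinary column.
    // 'context' names the row and column; it is authenticated, not stored.
    public static byte[] Encrypt(byte[] key, string plaintext, string context)
    {
        byte[] pt = Encoding.UTF8.GetBytes(plaintext);
        byte[] blob = new byte[NonceLen + TagLen + pt.Length];
        var nonce = blob.AsSpan(0, NonceLen);
        RandomNumberGenerator.Fill(nonce);   // fresh random nonce for every value
        using var aes = new AesGcm(key, TagLen);
        aes.Encrypt(nonce, pt, blob.AsSpan(NonceLen + TagLen),
                    blob.AsSpan(NonceLen, TagLen), Encoding.UTF8.GetBytes(context));
        return blob;
    }

    // Throws CryptographicException if the blob was altered or belongs to another row.
    public static string Decrypt(byte[] key, byte[] blob, string context)
    {
        if (blob.Length < NonceLen + TagLen)
            throw new CryptographicException("stored value is too short");
        byte[] pt = new byte[blob.Length - NonceLen - TagLen];
        using var aes = new AesGcm(key, TagLen);
        aes.Decrypt(blob.AsSpan(0, NonceLen), blob.AsSpan(NonceLen + TagLen),
                    blob.AsSpan(NonceLen, TagLen), pt, Encoding.UTF8.GetBytes(context));
        return Encoding.UTF8.GetString(pt);
    }
}

static class Program
{
    static void Main()
    {
        byte[] key = RandomNumberGenerator.GetBytes(32);   // constructed demo key (AES-256)
        string row42 = "payroll.salary:employee=42";       // constructed row label
        byte[] stored = FieldCrypto.Encrypt(key, "85000.00", row42);
        Console.WriteLine(Convert.ToHexString(stored));    // what the table and its backups hold
        Console.WriteLine(FieldCrypto.Decrypt(key, stored, row42));
        // Copying the encrypted value into another employee's row fails authentication.
        try { FieldCrypto.Decrypt(key, stored, "payroll.salary:employee=7"); }
        catch (CryptographicException) { Console.WriteLine("rejected: wrong row"); }
    }
}
```

Because the row label is authenticated along with the data, someone with full database rights can neither read a salary nor swap one row's encrypted value into another without the application detecting it.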
When I looked over the info on this product it does exactly what you are looking for. You select the users that should get access to the information, and you can set it to encrypt only a specific column.
Do you guys know of a good way to send data from one remote computer to another? I need to send credit info from an online server to the company's internal server in the most secure way possible. These two servers will have a VPN link and the online DB will have an SSL cert attached to it as well. Any thoughts???