Results 1 to 5 of 5
  1. #1
    Join Date
    Jun 2002
    Posts
    6

    Unanswered: MsSQL Security Issue

    Hi, I having an issue on MsSQL Security Issue. Wish you guys can help me.
    My problem is now I have create a login user and password for each Database. The problem is if the database file (.MDF, .ldf) has been copy out..user do attach manually, then put any new user and password to that db..so all my data will be view by others..is there any solution for this?
    Another Question is for each DB..can we kick out sa user and put in our new user for that DB? So sa no permission on view/update/Add in records for that db?

    Thanks you.

  2. #2
    Join Date
    Jul 2003
    Location
    Penang, Malaysia
    Posts
    212
    Please view this tread
    http://www.dbforums.com/showthread.php?threadid=970286

    Basically u can only control ppl from accessing Enterprise Manager;SQL Service Agent by setting Window Authetication rights to users login to u'r Windows.

    If a person can't enter the enterprise manager, can't shutdown the SQL Service Agent, they can't cut and copy the mdf and ldf files.


    Normally, SA has full user rights to all dbs under its instance. It would be bad user management in your company if your force to kick out SA from a DB!!!!! , the SA password is given to the company DBA.

    I don't think it is possible to kick SA rights. Even if SA is not the owner of the DB, it can enter any database in its instance.
    Patrick Chua
    LBMS ( Learn By My Self) NPQ ( No paper Qualification )

  3. #3
    Join Date
    Oct 2003
    Posts
    706

    Exclamation

    All database files should be placed so that the database server can access them, but no one else can. This is extremely important.

    Backup tapes containing the information must be similarly secured.
    ChimneySweep(R): fast, automatic
    table repair at a click of the
    mouse! http://www.sundialservices.com

  4. #4
    Join Date
    Jun 2002
    Posts
    6
    I see, thanks you. Actually my situation is a bit different. If we handle normally, it can handle as you said, but my db will goto client office, and the owner of the db don't want client manually open db and modify or copy as their own purpose...that why i looking for this solution..
    anyway..thanks you ^.^

  5. #5
    Join Date
    Dec 2003
    Posts
    15
    Maybe I'm not understanding your particular issue but couldn't you encrypt the data that is of concern? There are better ways to secure your data but if you 2 way encrypt it and store the encryption/decryption routine in a dll then you should be good to go right? You would have your data access layer implicitly use the encryption/decryption function.

    Of course people could still mess up the data but you could have a sanity check built into it somewhere.

    Sorry that this isn't a SQL solution but there you go.

    HTH,
    Dan

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •