Wednesday, March 21, 2012

ms sql server 2000 too weak ?

It seems the authority for DBA is too much to control the safety of .mdf
, why not add an additional password or key to protect it, if someone
copy the .mdf files and install to a new sql server service, they can
read everything using sa facility, is it worse than ms.access ?
at least ms.access still need some extra job to crack it, but the .mdf
is too simple, just copy and read it.
Especially the MSDE version in one single computer, even the hardware
technician can duplicate and sell your important data.
Anyone have solution for this security problem ?
--
Best regards,
Ridwan
--
PemBukuan.Com
http://www.as3000.comRW,
Security in general is said to start with the physical box - once this is
compromised then there's little you can do (eg Linux can be used to bypass
NTFS so file system security doesn't help). SQL Server security itself is
based on logins, users and permissions/roles, all of which exist in the
database file, so, after the box is accessed (compromised), someone needs to
be able to access/compromise the file.
There's no simple solution apart from securing the box and the files; you
can password protect your backups but not the datafiles.
Regards,
Paul Ibison|||Why not MS add an additional physics login password as an option ? just
like what we have in excel, word, access ? I know that kind of password
is too simple, they can build a more advance password, I think may be
they don't want to take the risk of while users forget the password.
If developer want to distribute an application with safe and small
capacity database, then I think the MSDE is not a choice.
Paul Ibison wrote:
> RW,
> Security in general is said to start with the physical box - once this is
> compromised then there's little you can do (eg Linux can be used to bypass
> NTFS so file system security doesn't help). SQL Server security itself is
> based on logins, users and permissions/roles, all of which exist in the
> database file, so, after the box is accessed (compromised), someone needs to
> be able to access/compromise the file.
> There's no simple solution apart from securing the box and the files; you
> can password protect your backups but not the datafiles.
> Regards,
> Paul Ibison
--

No comments:

Post a Comment