Monday, February 20, 2012

MsSQL Security Issue

Hi, I am having an MsSQL security issue. I hope you guys can help me.
My problem is that I have created a login user and password for each database. The problem is that if the database files (.MDF, .ldf) are copied out and a user attaches them manually, then adds any new user and password to that DB, all my data can be viewed by others. Is there any solution for this?
Another question: for each DB, can we kick out the sa user and put in our new user for that DB, so that sa has no permission to view/update/add records in that DB?

Thank you.

Please view this thread:
http://www.dbforums.com/showthread.php?threadid=970286

Basically you can only control people's access to Enterprise Manager and SQL Service Agent by setting Windows Authentication rights for the users who log in to your Windows.

If a person can't enter the enterprise manager, can't shutdown the SQL Service Agent, they can't cut and copy the mdf and ldf files.

Normally, SA has full user rights to all DBs under its instance. It would be bad user management in your company if you are forced to kick out SA from a DB! The SA password is given to the company DBA.

I don't think it is possible to kick SA rights. Even if SA is not the owner of the DB, it can enter any database in its instance.

All database files should be placed so that the database server can access them, but no one else can. This is extremely important.

Backup tapes containing the information must be similarly secured.

I see, thank you. Actually my situation is a bit different. Normally it can be handled as you said, but my DB will go to the client's office, and the owner of the DB doesn't want the client to manually open the DB and modify or copy it for their own purposes. That's why I'm looking for this solution.
Anyway, thank you ^.^

Maybe I'm not understanding your particular issue, but couldn't you encrypt the data that is of concern? There are better ways to secure your data, but if you two-way encrypt it and store the encryption/decryption routine in a DLL then you should be good to go, right? You would have your data access layer implicitly use the encryption/decryption function.

Of course people could still mess up the data but you could have a sanity check built into it somewhere.

Sorry that this isn't a SQL solution but there you go.

HTH,
Dan
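
Added example (not part of the original thread or any poster's code): the "sanity check" idea from the last reply, written as a keyed per-row integrity tag that the data access layer verifies on read. It assumes the MAC key is held by the data owner outside the database files, and uses an in-memory SQLite table with constructed rows as a stand-in for the SQL Server database; the table and function names are hypothetical.

```python
import hashlib
import hmac
import sqlite3

# Assumption: the key is provisioned by the data owner, never stored in the DB files.
MAC_KEY = bytes.fromhex("00" * 32)  # constructed demo key

def row_tag(key, table, row_id, fields):
    """HMAC-SHA256 over the table name, primary key and every field value."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for part in (table, str(row_id), *fields):
        data = part.encode("utf-8")
        # Length prefix keeps ("ab", "c") distinct from ("a", "bc").
        mac.update(len(data).to_bytes(4, "big") + data)
    return mac.digest()

def insert_account(db, key, row_id, owner, balance):
    tag = row_tag(key, "accounts", row_id, (owner, balance))
    db.execute("INSERT INTO accounts VALUES (?, ?, ?, ?)", (row_id, owner, balance, tag))

def verify_accounts(db, key):
    """Return the ids of rows whose stored tag no longer matches their content."""
    bad = []
    query = "SELECT id, owner, balance, tag FROM accounts ORDER BY id"
    for row_id, owner, balance, tag in db.execute(query):
        expected = row_tag(key, "accounts", row_id, (owner, balance))
        if not hmac.compare_digest(expected, tag):
            bad.append(row_id)
    return bad

def demo():
    db = sqlite3.connect(":memory:")  # stand-in for the attached database
    db.execute("CREATE TABLE accounts (id INTEGER PRIMARY KEY, owner TEXT, balance TEXT, tag BLOB)")
    insert_account(db, MAC_KEY, 1, "alice", "100.00")  # constructed sample rows
    insert_account(db, MAC_KEY, 2, "bob", "250.00")
    clean = verify_accounts(db, MAC_KEY)
    # Someone attaches the copied files and edits a row without the key.
    db.execute("UPDATE accounts SET balance = '999999.00' WHERE id = 2")
    # Someone copies a valid row, tag included, under a new id.
    db.execute("INSERT INTO accounts SELECT 3, owner, balance, tag FROM accounts WHERE id = 1")
    return clean, verify_accounts(db, MAC_KEY)

if __name__ == "__main__":
    print(demo())
```

Per-row tags detect edited and copied rows, but not deleted rows or a rollback to an older copy of the files.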
