Friday, March 9, 2012

Password protecting database and keeping on a removable media.

If I only use 'Password Protection' for my SQL Server Database, is it
sufficient to protect the database? Is the password protection of SQL Server
2000 strong enough?
Why SQL Server 2000 does not possess 'Encrypting Database' feature, when
they have given this facility in MS Access?
I am thinking to keep the database on a removable media like Iomega Zip
Drive so that my client can carry the disk with him, but how it'll affect the
database performance?|||Hi
The Access encryption protection is easily broken. Tools are freely
available on the Internet.
SQL Server relies on physical security, plus authentication. If you want to,
put the DB on an NTFS formatted drive with Encryption (EFS).
Regards
Mike
"RPK" wrote:

> If I only use 'Password Protection' for my SQL Server Database, is it
> sufficient to protect the database? Is the password protection of SQL Server
> 2000 strong enough?
> Why SQL Server 2000 does not possess 'Encrypting Database' feature, when
> they have given this facility in MS Access?
> I am thinking to keep the database on a removable media like Iomega Zip
> Drive so that my client can carry the disk with him, but how it'll affect the
> database performance?|||> Why SQL Server 2000 does not possess 'Encrypting Database' feature, when
> they have given this facility in MS Access?
Encryption will be a feature in SQL Server 2005. It isn't usually necessary
to encrypt whole SQL Server databases because they normally reside at a data
centre where the requisite level of physical security can be applied.

> Is the password protection of SQL Server
> 2000 strong enough?
Encryption (in Access) uses passwords too. Why would you think Access's
authentication is any more secure than SQL Server's authentication? (It
isn't).

> I am thinking to keep the database on a removable media like Iomega Zip
> Drive so that my client can carry the disk with him, but how it'll affect the
> database performance?
That's a different problem. You can easily back up or copy a SQL Server
database and encrypt the file(s) with any of various third-party encryption
tools. It's not sensible to run a SQL Server database direct from a removable
disk though.
David Portas
SQL Server MVP
--|||Mike,
It is a good idea to keep the database on an EFS (NTFS). Can you illustrate
more clearly on how a database file located on NTFS partition be secured so
that it is not easily visible even if someone is able to search the DIR.
"Mike Epprecht (SQL MVP)" wrote:
> Hi
> The Access encryption protection is easily broken. Tools are freely
> available on the Internet.
> SQL Server relies on physical security, plus authentication. If you want to,
> put the DB on an NTFS formatted drive with Encryption (EFS).
> Regards
> Mike
> "RPK" wrote:
>|||Hi
It would be visible if you do a DIR, but you first need to get to the file
system.
With EFS, the Certificate present in a specific Active Directory based user
profile gives the user access to the file or directory. Nobody else. You
can't even recover the files if the user loses his/her password.
This is the extreme, but if you want it totally secure, it is the way to go.
There are a few articles on EFS on the MS site and a Google search will bring
you a lot too.
This is an OS solution, for an OS problem.
Even if you use the encryption facility in SQL Server 2005, a certificate
needs to be present, so the same rules apply as above.
Regards
--
Mike Epprecht, Microsoft SQL Server MVP
Zurich, Switzerland
IM: mike@.epprecht.net
MVP Program: http://www.microsoft.com/mvp
Blog: http://www.msmvps.com/epprecht/
"RPK" <RPK@.discussions.microsoft.com> wrote in message
news:645F8E2A-B475-46A7-B68F-A5D5D03FC055@.microsoft.com...
> Mike,
> It is a good idea to keep the database on an EFS (NTFS). Can you illustrate
> more clearly on how a database file located on NTFS partition be secured so
> that it is not easily visible even if someone is able to search the DIR.
> "Mike Epprecht (SQL MVP)" wrote:
>|||Mike,
My problem is that I want my application and the database hidden so that
even if my client is forced to log in to Windows, there is no risk of
tampering with the database. Application behaviour can be changed in many ways,
but how to protect the database and its scheduled backups lying in other
directory.
My client has only one computer in his shop and that is where the
application and the database would reside.
........
Rohit.
"Mike Epprecht (SQL MVP)" wrote:

> Hi
> It would be visible if you do a DIR, but you first need to get to the file
> system.
> With EFS, the Certificate present in a specific Active Directory based user
> profile gives the user access to the file or directory. Nobody else. You
> can't even recover the files if the user loses his/her password.
> This is the extreme, but if you want it totally secure, it is the way to go.
> There are a few articles on EFS on the MS site and a Google search will bring
> you a lot too.
> This is an OS solution, for an OS problem.
> Even if you use the encryption facility in SQL Server 2005, a certificate
> needs to be present, so the same rules apply as above.
> Regards
> --
> Mike Epprecht, Microsoft SQL Server MVP
> Zurich, Switzerland
> IM: mike@.epprecht.net
> MVP Program: http://www.microsoft.com/mvp
> Blog: http://www.msmvps.com/epprecht/
> "RPK" <RPK@.discussions.microsoft.com> wrote in message
> news:645F8E2A-B475-46A7-B68F-A5D5D03FC055@.microsoft.com...
>
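
An added example, not part of the original thread: a PowerShell check for the EFS approach discussed above. It lists SQL Server data, log and backup files stored without the EFS Encrypted attribute and warns about folders where newly written backups would not be encrypted automatically. The directory paths are placeholders chosen for illustration.

```powershell
# Added example: audit database and backup folders for EFS coverage.
# The default paths are hypothetical; pass the real data and backup folders.
param(
    [string[]]$Directories = @('D:\SQLData', 'D:\SQLBackups')
)

# File types to check: data files, log files, full and log backups.
$extensions = '.mdf', '.ndf', '.ldf', '.bak', '.trn'
$encrypted  = [System.IO.FileAttributes]::Encrypted

function Get-UnencryptedDatabaseFile {
    param([string[]]$Path, [string[]]$Extension)

    foreach ($dir in $Path) {
        if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
            Write-Warning "Directory not found: $dir"
            continue
        }

        # A folder without the Encrypted attribute does not encrypt files
        # created in it, so each new scheduled backup would land in clear text.
        $folder = Get-Item -LiteralPath $dir
        if (-not ($folder.Attributes -band $encrypted)) {
            Write-Warning "Folder is not EFS-encrypted; new files will be stored unencrypted: $dir"
        }

        # Existing files that lack the Encrypted attribute.
        Get-ChildItem -LiteralPath $dir -Recurse -File -ErrorAction SilentlyContinue |
            Where-Object { $Extension -contains $_.Extension.ToLowerInvariant() } |
            Where-Object { -not ($_.Attributes -band $encrypted) } |
            Select-Object FullName, Length, LastWriteTime
    }
}

$findings = @(Get-UnencryptedDatabaseFile -Path $Directories -Extension $extensions)

if ($findings.Count -eq 0) {
    Write-Output 'No unencrypted database or backup files found.'
} else {
    Write-Output 'Files stored without EFS encryption:'
    $findings | Format-Table -AutoSize
}
```

EFS ties each file to the account that encrypted it, so files written by the SQL Server service are encrypted for the service account and that account's certificate needs its own backup.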
