Jacky | 11/20/2002 6:18 AM
Dear all,
My company has a SQL Server installed on the Database Server, and many people have the access right to log in to the Database Server. So if someone steals the MDF from the Database Server, he is able to get all the information stored in it by restoring it on other machines. How can I stop this without limiting the login access rights of other users? Please help. Thank you.

Chip Andrews | 11/20/2002 8:15 AM
Is there any reason those local users need to have ACL access to the MDF files? Not in most circumstances since users access the database through the MSSQLServer service. Consider simply using proper ACLs.
To take it a step further, you could use EFS (Encrypted File System) to encrypt the MDFs. You would need to log into the server using the account of the SQL Server Service and then encrypt the MDFs. This is a low-cost solution but does not protect backups made to external media.
Another option is to use third-party MDF encryption tools such as Encryptionizer or Protegrity. Check the links under the FAQ page for exact locations for these tools.
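
Added example, not part of the original thread: a PowerShell audit of the NTFS ACLs on the data files, listing any principal outside an allow-list that can read or re-permission them. The directory path and the service account name are hypothetical placeholders, and including `.ldf` log files goes slightly beyond the MDF files mentioned above.

```powershell
# Added example: audit NTFS ACLs on SQL Server data files.
# $DataDir and $Allowed are assumptions; set them to your own data
# directory and the account the MSSQLServer service runs as.
param(
    [string]$DataDir = 'D:\SQLData',            # hypothetical path
    [string[]]$Allowed = @(
        'NT AUTHORITY\SYSTEM',
        'BUILTIN\Administrators',
        'EXAMPLE\svc-sqlserver'                  # hypothetical service account
    )
)

# Rights that let a principal copy the file or change who may access it.
$Risky = [System.Security.AccessControl.FileSystemRights]'ReadData, ChangePermissions, TakeOwnership'

$findings = Get-ChildItem -Path $DataDir -Recurse -File -Include *.mdf, *.ldf |
    ForEach-Object {
        $file = $_
        (Get-Acl -LiteralPath $file.FullName).Access |
            Where-Object {
                # Keep only Allow entries for principals not on the allow-list
                # that carry at least one of the risky rights.
                $_.AccessControlType -eq 'Allow' -and
                $Allowed -notcontains $_.IdentityReference.Value -and
                ([int]$_.FileSystemRights -band [int]$Risky) -ne 0
            } |
            ForEach-Object {
                [pscustomobject]@{
                    File      = $file.FullName
                    Principal = $_.IdentityReference.Value
                    Rights    = $_.FileSystemRights
                    Inherited = $_.IsInherited   # True: fix the ACL on the parent folder
                }
            }
    }

if ($findings) {
    $findings | Format-Table -AutoSize
    Write-Warning "$(@($findings).Count) ACL entries grant data-file access outside the allow-list."
} else {
    Write-Output 'No unexpected principals can read or re-permission the data files.'
}
```

Entries reported with `Inherited` set to True come from the parent folder, so the correction belongs on the folder's ACL rather than on each file.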

Jacky | 11/20/2002 9:49 PM
Thank you very much for your reply. In my organization, the operation department and the MIS department share the same database server with the HR (Payroll) system for the Human Resources department. I find it very hard to protect the Payroll System's database. Since the MIS owns the server and all the rights, they can use some backdoor methods to access the Payroll's database... But anyway, I will try your suggestion first. Thank you again for your help.

Chip Andrews | 11/21/2002 9:16 AM
It's tough to keep data secure when another entity has complete control over the machine on which the data is stored. Even encryption can be tricky depending on key management, etc. I would try to argue for one of two things - a separate payroll server that may be controlled by MIS but require supervised and logged physical access OR you could look into a payroll system that supports storing all sensitive data on the SQL Server encrypted. If the application (and thus the encryption) is controlled by HR/Accounting and not MIS then it may not matter that they have control over the SQL Server. Note that this is different than encrypting the database on the SQL Server as this solution would allow a snoop to see the database structure but not the data.

Jacky | 11/21/2002 9:11 PM
Thank you so much, your reply was fast and very helpful. I will discuss it with the HR director. I guess that she will agree with your opinions.