[dba-SQLServer]SQL2000 Security - Preventing access

Wortz, Charles CWortz at tea.state.tx.us
Fri May 2 09:13:53 CDT 2003


David,

If you have implemented security on the db and have the data encrypted,
then you are making it harder for them.  But, there is no way to protect
anything from anyone willing to spend enough time and money to get it.
The purpose of security is to make the cost of getting something
illegally higher than the value of what they are trying to get.  Who's
going to be dumb enough to spend $$$ for something only worth $?

So your mission is to assess how valuable is the data in the db and then
secure it enough so somebody has to spend more than that to steal the
data.

Charles Wortz
Software Development Division
Texas Education Agency
1701 N. Congress Ave
Austin, TX 78701-1494
512-463-9493
CWortz at tea.state.tx.us



-----Original Message-----
From: David Emerson [mailto:davide at dalyn.co.nz] 
Sent: Thursday 2003 May 01 17:39
To: dba-SQLServer at databaseadvisors.com
Subject: [dba-SQLServer]SQL2000 Security - Preventing access


We are in the process of completing a new installation.  We have created
a 
runtime WXP ADP with a SQL2000 BE.  We have set security so that users
that 
log onto the program can only access the parts that are relevant to 
them.  Fine so far.

What I haven't worked out yet is - What happens if someone gets hold 
of  the SQL database file (say for example from a backup tape), takes it

home and attaches it to their own copy of SQL.  Is there any way to
prevent 
them from being able to access the data or objects?


Regards

David Emerson
DALYN Software Ltd
25b Cunliffe St, Johnsonville
Wellington, New Zealand
Ph/Fax (877) 456-1205 


More information about the dba-SQLServer mailing list