[dba-SQLServer]SQL2000 Security - Preventing access

Arthur Fuller artful at rogers.com
Fri May 2 11:01:30 CDT 2003 

Quite right, Charles. We're back to locked rooms. Any network rack not in a
locked room is owned by an idiot, IMO. And further, anyone stupid enough to
store credit card numbers unencrypted in a db is begging for a lawsuit.

Arthur

-----Original Message-----
From: dba-sqlserver-bounces at databaseadvisors.com
[mailto:dba-sqlserver-bounces at databaseadvisors.com] On Behalf Of Wortz,
Charles
Sent: May 2, 2003 10:14 AM
To: dba-sqlserver at databaseadvisors.com
Subject: RE: [dba-SQLServer]SQL2000 Security - Preventing access


David,

If you have implemented security on the db and have the data encrypted, then
you are making it harder for them.  But, there is no way to protect anything
from anyone willing to spend enough time and money to get it. The purpose of
security is to make the cost of getting something illegally higher than the
value of what they are trying to get.  Who's going to be dumb enough to
spend $$$ for something only worth $?

So your mission is to assess how valuable is the data in the db and then
secure it enough so somebody has to spend more than that to steal the data.

More information about the dba-SQLServer mailing list