Re: How to protect a database from DBAs invasion ????????

Re: How to protect a database from DBAs invasion ????????

 

  

Hi Lisa,

Thanks for your reply.

Could you please tell me how to encrypt the data
before writing into SQL Server Database?

We are using Visual Basic 6.0 as a front-end
application with SQL server 2k.

Do i have to write "Encryption" coding in VB
application (or) in SQL Server itself?

Will appreciate your help


--- [Email Address Removed] wrote:
>
>
> The reason why you can still attach is probably due
> to the fact that you
> are an administrator on the machine. By default,
> BUILTIN\Administrators
> has sysadmin rights to the SQL Server. You can
> delete the
> BUILTIN\Administrators login. Although, this will
> make SQL Server Agent
> fail unless you either add the NT account running
> that service to the
> sysadmin role or edit SQL Agent properties to use
> SQL authentication. Note
> that anyone with access to the mdf and ldf files
> could still copy those
> files off the server and just do an sp_attach to any
> SQL Server they want
> and be able to access a copy of the data. A lot of
> personnel applications
> that I have worked with encrypt important data (such
> as salaries, social
> security numbers, etc) before it is written to the
> database. This ensures
> that the only way to read the data is through the
> application.
> Thanks,
> Lisa Greetham
> Database Administrator, Corporate Internet Group
> Bank One
>
>
>
>
> Bajal Mohamed <[Email Address Removed] 02/26/2003 03:08 AM
>
> To
> "LazyDBA.com Discussion" <[Email Address Removed] cc
>
> Subject
> How to protect a database from DBAs invasion
> ????????
>
>
>
>
>
>
> Hi Pals,
>
> I have designed database for ¡°Personnel System¡±
> and it
> is ready for use. Now my boss says that only one
> person should have full rights on this database. He
> don¡¯t want even myself (as I am a DBA here) to have
> access on this Database.
>
> Here we have only one server (Win 2k with SQL 2k).
>
> For this purpose, I have installed new instance and
> named it as ¡°Personnel System¡±, this instance¡¯s
> ¡°sa¡±
> password is given to my boss. I mean he is the only
> one person can access this database now.
>
> But I found that, I can still attach this
> ¡°Personnel
> System¡± database to another instance of sql server
> and
> open the database fully & modify. By doing this I
> realize that our ¡°Personnel System¡± database is
> not
> protected well from intruders.
>
> Is there is any way to secure a database (from the
> DBA
> though it was designed by him)?.
>
> The main purpose is ¡°my boss don¡¯t want to give me
> an
> access to this database (I am the one SQL Server DBA
> here).
>
> Advanced thanks for ur ideas & suggestions
>
>
> =====
>
> Best Regards,
> Bajal Mohamed.
>
> YOUR ATTITUDE IS YOUR ALTITUDE
>
>
>
>
> __________________________________________________
> Do you Yahoo!?
> Yahoo! Tax Center - forms, calculators, tips, more
> http://taxes.yahoo.com/
>
>
---------------------------------------------------------------------
> TO REPLY TO EVERBODY , PLEASE CLICK REPLY-ALL, NOT
> JUST REPLY
> To unsubscribe, e-mail:
> mssqldba-[Email Address Removed] For additional commands, e-mail:
> mssqldba-[Email Address Removed]
>
>
>
>
> This transmission may contain information that is
> privileged, confidential and/or exempt from
> disclosure under applicable law. If you are not the
> intended recipient, you are hereby notified that any
> disclosure, copying, distribution, or use of the
> information contained herein (including any reliance
> thereon) is STRICTLY PROHIBITED. If you received
> this transmission in error, please immediately
> contact the sender and destroy the material in its
> entirety, whether in electronic or hard copy format.
> Thank you.
>


=====

Best Regards,
Bajal Mohamed.

YOUR ATTITUDE IS YOUR ALTITUDE




__________________________________________________
Do you Yahoo!?
Yahoo! Tax Center - forms, calculators, tips, more
http://taxes.yahoo.com/
MS Sql Server LazyDBA home page