RE: How to protect a database from DBAs invasion ????????

RE: How to protect a database from DBAs invasion ????????

 

  



There is a way to encrypt data in SQL Server using SSL, but I have never
used it. I also know that our developers here encrypt/decrypt data using
.NET libraries, but I do not know what they do. Look up encryption in the
BOL and it talks about the SSL method. Although I have always just let my
developers do all that themselves.

Thanks,
Lisa Greetham
Database Administrator, Corporate Internet Group
Bank One




Bajal Mohamed <[Email Address Removed] 07:58 PM

To
"LazyDBA.com Discussion" <[Email Address Removed] How to protect a database from DBAs invasion ????????






Hi Wilson,

Thanks for your reply.

Yes, my boss is not supposed to do DBA tasks.

The data we are going to write into our "Personnel
Database" is highly confidential like Salary details,
Performance Review and Etc. So no one should have
direct access on this data including me (though i am a
DBA). We want the data to be accessed only through
front-end VB application.

Our front-end application is written using Visual
Basic 6.0.

Where do I have to write coding for "Encryption"
either in "VB application" or SQL Server?

So, could you please give me some idea about "how to
encrypt the data in VB application before writing into
SQL Database"?

Will appreciate your precious help.



But Allan" <Allan.[Email Address Removed] wrote:
> I wouldn't look at denying the dba access to the
> database. Who's going to
> maintain it? Your Boss? :-)
>
> I think in situations like this, the data is stored
> in an encrypted format
> instead. The dba can still access the database and
> do his job maintaining
> it. But... Since the data is encrypted, even the
> dba cannot make heads or
> tails of what is in the tables.
>
> I'm not familiar with how to do this on SQL Server,
> I just know that it can
> be done. There is probably something on the client
> end that decrypts the
> data before being presented to the application.
>
> Allan
>
> -----Original Message-----
> From: Bajal Mohamed [mailto:[Email Address Removed] Sent: Wednesday, February 26, 2003 3:09 AM
> To: LazyDBA.com Discussion
> Subject: How to protect a database from DBAs
> invasion ????????
>
>
> Hi Pals,
>
> I have designed database for "Personnel System" and
> it
> is ready for use. Now my boss says that only one
> person should have full rights on this database. He
> don't want even myself (as I am a DBA here) to have
> access on this Database.
>
> Here we have only one server (Win 2k with SQL 2k).
>
> For this purpose, I have installed new instance and
> named it as "Personnel System", this instance's "sa"
> password is given to my boss. I mean he is the only
> one person can access this database now.
>
> But I found that, I can still attach this "Personnel
> System" database to another instance of sql server
> and
> open the database fully & modify. By doing this I
> realize that our "Personnel System" database is not
> protected well from intruders.
>
> Is there is any way to secure a database (from the
> DBA
> though it was designed by him)?.
>
> The main purpose is "my boss don't want to give me
> an
> access to this database (I am the one SQL Server DBA
> here).
>
> Advanced thanks for ur ideas & suggestions
>
>
> =====
>
> Best Regards,
> Bajal Mohamed.
>
> YOUR ATTITUDE IS YOUR ALTITUDE
>
>
>
>
> __________________________________________________
> Do you Yahoo!?
> Yahoo! Tax Center - forms, calculators, tips, more
> http://taxes.yahoo.com/
>
>
---------------------------------------------------------------------
> TO REPLY TO EVERBODY , PLEASE CLICK REPLY-ALL, NOT
> JUST REPLY
> To unsubscribe, e-mail:
> mssqldba-[Email Address Removed] For additional commands, e-mail:
mssqldba-[Email Address Removed] Regards,
Bajal Mohamed.

YOUR ATTITUDE IS YOUR ALTITUDE




__________________________________________________
Do you Yahoo!?
Yahoo! Tax Center - forms, calculators, tips, more
http://taxes.yahoo.com/

---------------------------------------------------------------------
TO REPLY TO EVERBODY , PLEASE CLICK REPLY-ALL, NOT JUST REPLY
To unsubscribe, e-mail: mssqldba-[Email Address Removed] additional commands, e-mail: mssqldba-[Email Address Removed] transmission may contain information that is privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. Thank you.

MS Sql Server LazyDBA home page