|
Home > Archive > MS SQL Server security > February 2006 > Still attach DB to different server in ver 2005?
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Still attach DB to different server in ver 2005?
|
|
| cdeutmeyer 2006-02-09, 1:23 pm |
| Does SQL Server 2005 have any built in functionality (encryption or
otherwise) to limit the ability of someone with admin rights to the server to
copy the ldf and mdf files to another server, attach the databases and access
the data?
I already know about restricting rights to the folder and the service. In
our case this solution is not always an option. I also know about encrypting
on individual columns.
| |
| Geoff N. Hiten 2006-02-09, 1:23 pm |
| If you move a database with encrypted columns, you need to move the
encryption keys along with the database if you want to actually read the
encrypted data. If you do not provide the keys, the Collation for those
columns is effectively GB-US (Gibberish-US). Otherwise it works just like
SQL 2000.
--
Geoff N. Hiten
Senior Database Administrator
Microsoft SQL Server MVP
"cdeutmeyer" < cdeutmeyer@discussio
ns.microsoft.com> wrote in message
news:B312A1ED-9503-4BDB-9532- B933E1D83B24@microso
ft.com...
> Does SQL Server 2005 have any built in functionality (encryption or
> otherwise) to limit the ability of someone with admin rights to the server
> to
> copy the ldf and mdf files to another server, attach the databases and
> access
> the data?
>
> I already know about restricting rights to the folder and the service. In
> our case this solution is not always an option. I also know about
> encrypting
> on individual columns.
>
| |
| cdeutmeyer 2006-02-09, 8:23 pm |
|
"Geoff N. Hiten" wrote:
> If you move a database with encrypted columns, you need to move the
> encryption keys along with the database if you want to actually read the
> encrypted data. If you do not provide the keys, the Collation for those
> columns is effectively GB-US (Gibberish-US). Otherwise it works just like
> SQL 2000.
>
> --
> Geoff N. Hiten
> Senior Database Administrator
> Microsoft SQL Server MVP
>
>
>
> "cdeutmeyer" < cdeutmeyer@discussio
ns.microsoft.com> wrote in message
> news:B312A1ED-9503-4BDB-9532- B933E1D83B24@microso
ft.com...
>
Since most of the data is sensitive, I was hoping to avoid the client
application programming changes involved with encryption on a columnar level.
I guess what I am asking is if there is a way to keep someone with
folder/service admin rights on the server from attaching the database files
some other server that they have sa rights to and getting into the data.
|
|
|
|
|