Ureader.com  
Microsoft software help and Community
   home   |   control panel login   |   archive   |  
 
SQL
ce
clients
clustering
connect
datamining
datawarehouse
dts
fulltext
jdbcdriver
msde
mseq
newusers
notificationsvcs
odbc
olap
programming
replication
reportingsvcs
security
securitytools
server
setup
sqlxml.viewmapper
tools
xml
  
 
date: Tue, 17 May 2005 10:17:49 +1000,    group: microsoft.public.sqlserver.securitytools        back       


restrict access to a database    
Hi all,

Okay, we've got a product which has SQL Server as the backend database.
The client has the product as well as the database.
But the DBA at the clients end messes up with the data & we are held
responsible (that the product is what is messing up the data & NOT their
DBA).
How can we prevent this,
ie. try to encrypt the database or restrict access to the database to the
DBA.
Also, another requirement is that we do NOT want them to see the DB
structures, the tables, the data in the Databse!!!!

options,

1. Get them to install a new instance of SQL Server & NOT give the DBA or
anyone the password & have the password embeded in the application (thus
only the application can access the SQL Database).

NOTE : THe product and the SQL Servers WILL have to be at the clients end.

any other options?
date: Tue, 17 May 2005 10:17:49 +1000   author:   D.Rudiani

Re: restrict access to a database    
Hi

As you don't have the means to stop physical access this is difficult. You 
may want to make sure that you are auditing such events. If you want to 
carry out encryption then it is probably better on the client as the DBA 
will have access to the methods used at the database end. You may also want 
to look throught the products and articles on 
http://www.sqlsecurity.com/DesktopDefault.aspx?tabindex=0&tabid=1

John

"D.Rudiani"  wrote in message 
news:ervb1anWFHA.1796@TK2MSFTNGP15.phx.gbl...
> Hi all,
>
> Okay, we've got a product which has SQL Server as the backend database.
> The client has the product as well as the database.
> But the DBA at the clients end messes up with the data & we are held
> responsible (that the product is what is messing up the data & NOT their
> DBA).
> How can we prevent this,
> ie. try to encrypt the database or restrict access to the database to the
> DBA.
> Also, another requirement is that we do NOT want them to see the DB
> structures, the tables, the data in the Databse!!!!
>
> options,
>
> 1. Get them to install a new instance of SQL Server & NOT give the DBA or
> anyone the password & have the password embeded in the application (thus
> only the application can access the SQL Database).
>
> NOTE : THe product and the SQL Servers WILL have to be at the clients end.
>
> any other options?
>
>
date: Sat, 21 May 2005 13:20:16 +0100   author:   John Bell

Google
 
Web ureader.com


    COPYRIGHT 2007, YARDI TECHNOLOGY LIMITED, ALL RIGHT RESERVE  |   contact us