question

UnishSQL avatar image
UnishSQL asked

Does a backup contain more than the data? Can someone read passwords from it?

I have question what actually a backup contains is it **more than a data or logs**.If it is more than that can anybody read passwords from it.
sql-server-2008sql-server-2008-r2backuppassword
10 |1200 characters needed characters left characters exceeded

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Grant Fritchey avatar image
Grant Fritchey answered
The backup has everything that is stored in the database. It's a bit by bit copy of everything that defines the database. User database would not have passwords. The backup of the master database would have passwords in it. But, they're encrypted. You couldn't just read them out of the backup.
2 comments
10 |1200 characters needed characters left characters exceeded

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

The original question was about SQL 2008; however, what about a partially contained database in SQL 2012+? Granted, those would also be encrypted...
0 Likes 0 ·
thank u for the info it helped me out a lot @grant
0 Likes 0 ·
JohnM avatar image
JohnM answered
Assuming the passwords are in a table within the database, if you don't take steps to encrypt the passwords or secure your backups, yes in theory someone could steal the backup file, restore it and then subsequently read passwords. Transparent Data Encryption would help to solve that problem as well as column level encryption. Hope that helps!
2 comments
10 |1200 characters needed characters left characters exceeded

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Ah, I assumed SQL logins. But yeah, if you're storing any information in the database, the backup will have that stuff. A third party tool like SQL Backup can encrypt just the backups, not requiring TDE (which can be a little problematic). Also, SQL Server 2014 has backup encryption now.
2 Likes 2 ·
HA! I assumed passwords stored in the database. Didn't even think about the logins. Good point on third party backup tools. Also a potential option.
0 Likes 0 ·

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.