question

Frixum avatar image
Frixum asked

SQLSERVER database file protection

i can protect DB by puting password through enterprise manager.. but if my client attach hard disk to anoth PC and copy the database files then he can open it anywhere he wants, cant these files be password protected ???

sql-server-2000
10 |1200

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Fatherjack avatar image
Fatherjack answered

The database files are locked by the sqlserver process so there little option to get to the data unless a user has permissions to stop and start services ie an windows administrator.

You could enforce alternative NT permissions on the directory where the data files are stored but still an adminsitrator could change the permissions and carry on as above.

You could encrypt your file system to prevent theft of the hardware and data extraction through that method.

10 |1200

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Grant Fritchey avatar image
Grant Fritchey answered

SQL Server 2008 offers Transparent Database Encryption. TDE will encrypt the files themselves and even if you copy them to another server, you can't restore them without the proper keys embedded in the server. I think that's exactly what you're asking for.

2 comments
10 |1200

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Fatherjack avatar image Fatherjack ♦♦ commented ·
I would have suggested this but the tag says sql-server-2000 ... an upgrade may be in order.
0 Likes 0 ·
Grant Fritchey avatar image Grant Fritchey ♦♦ commented ·
It's the only way I know to do exactly what the OP is asking for.
0 Likes 0 ·
CirqueDeSQLeil avatar image
CirqueDeSQLeil answered

If you truly want to prevent the client from escaping with the data, then you will need to keep the database on a server that you can control.

What exactly would the client be escaping with? The SQL Code and schema? Granted, that is yours and properly so. However, the data belongs to the client.

Grant's suggestion is very useful, if you upgrade to SQL 2008. But with the Server being at the client, they can still pump the data and schema out of it if they have an admin account on the box and access to sql server (they can easily disable TDE, pump the data and schema out and then turn it back on).

10 |1200

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.