| Author |
Topic |
|
sven.thunberg
Starting Member
6 Posts |
 Posted - 2008-09-10 : 08:37:49
|
| I have a question about database encryption. Is it possible to configure a database on a server, with encryption on the whole database, that makes it unuseful even for the servers dba? We are thinking about installing our application in out customers server environment, with the database on a already running MSSQL server, but we don't want to let our customer into the database. |
|
|
afrika
Master Smack Fu Yak Hacker
2706 Posts |
|
|
sven.thunberg
Starting Member
6 Posts |
Posted - 2008-09-10 : 09:26:26
|
| Thanks, I've read that, but what I don't understand is if the database is protected from the SA? Is it possible to lock a database so that SA can't open it? |
 |
|
|
afrika
Master Smack Fu Yak Hacker
2706 Posts |
Posted - 2008-09-10 : 10:10:16
|
then who will be able to open it ? |
|
|
|
sven.thunberg
Starting Member
6 Posts |
Posted - 2008-09-10 : 10:29:47
|
| Good question! But I want to find out if it´s possible for us as a vendor to install a database in a customers MS SQL Server, and secure our database so that noone gets into it without our knowledge. But it should still run as usual and feed the application with data. Does this make any sense? |
|
|
|
afrika
Master Smack Fu Yak Hacker
2706 Posts |
Posted - 2008-09-10 : 10:37:47
|
| Yes install the sa password and create an account for your application and assign permissions to that user which are limitedwhat type of application are you developing your frontend ? |
|
|
|
SwePeso
Patron Saint of Lost Yaks
30421 Posts |
Posted - 2008-09-10 : 10:38:31
|
You can't if the customer has access to SA account.However, you can install (if possible) an instance of sql server and not give away sa password.
E 12°55'05.63"N 56°04'39.26" |
|
|
|
sven.thunberg
Starting Member
6 Posts |
Posted - 2008-09-10 : 11:46:01
|
| We're planning and making design decisions now, probably a webapplication in asp.net. Some of our customers already have a MS SQL Server and might want to use this, but we don't want to loose control over the database. It seems like makin a new instance of SQL server for this purpose, that we control ourselves, would be the best solution? |
|
|
|
afrika
Master Smack Fu Yak Hacker
2706 Posts |
Posted - 2008-09-10 : 13:01:53
|
| Very simple.Look into .net's memberships and roles provider. If you use the .net database, it will create your users and tables for you and encrypt the passwords.With regards your database, You can create a login and assign it as a .net login account.You can encrypt your connection string in your web.config file so they wont have access to it. While your company keeps the sa password. |
|
|
|
SwePeso
Patron Saint of Lost Yaks
30421 Posts |
Posted - 2008-09-10 : 14:54:07
|
You will still need to encrypt everything, because DBA still has the means to stop your sql server instance and attach the db to another instance of which he has sa control.
E 12°55'05.63"N 56°04'39.26" |
|
|
|
blindman
Master Smack Fu Yak Hacker
2365 Posts |
Posted - 2008-09-10 : 15:23:01
|
| What is this world coming to when people can't trust their DBAs?Boycotted Beijing Olympics 2008 |
|
|
|
Michael Valentine Jones
Yak DBA Kernel (pronounced Colonel)
7020 Posts |
Posted - 2008-09-10 : 15:44:37
|
| Sounds like more of a case of a vendor not trusting their customer.I’ve seen posts like this before from vendors who are afraid of their customer stealing their code and database design. Or maybe they’re just ashamed of their code and don’t want anyone to look at it.CODO ERGO SUM |
|
|
|
|
Encryption on a database level