ashgavs
Starting Member
1 Post |
Posted - 2011-06-07 : 16:05:46
|
Hi all, Currently I am running SQL Server that is accessed from an app. The app requires smart card verification to make changes to the server. Unfortunately, this does not prevent users from going through to the files or the database manager to delete or see data from the server. We could use a universal password for each piece of hardware we put the server on, but this is not safe for various reasons. Is there a way to prevent file tampering while also allowing the app to access the data? |
|
russell
Pyro-ma-ni-yak
5072 Posts |
Posted - 2011-06-08 : 07:30:11
|
Allow the account(s) used by the app only enough permission to do exactly what needs to be done. Do not give this account(s) admin privileges on the box. Don't allow users file system access to the db server at all. What type of changes are you allowing anyway? |
|
|
nigelrivett
Master Smack Fu Yak Hacker
3385 Posts |
Posted - 2011-06-08 : 08:03:34
|
If users have access to the server there's not a lot you can do without encrypting the data. Admins for the server will always need access to it and there's not a lot you can do to stop that. If this is an in-house server then allowing users access to the server and files rather makes the smartcard security a waste of time. All it protects is the app interface not the data.
==========================================
Cursors are useful if you don't know sql.
SSIS can be used in a similar way.
Beer is not cold and it isn't fizzy. |
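
The least-privilege setup russell describes, written out as an added T-SQL example that is not part of the original thread. The names AppDb, app_svc, app_exec and the app schema are hypothetical, and it assumes the application reaches data only through stored procedures in a schema owned by the same principal as dbo.

```sql
-- Added example; AppDb, app_svc, app_exec and schema "app" are hypothetical names.
USE master;
GO
-- Dedicated login for the application. It is never added to sysadmin.
-- Password is a placeholder; a Windows account would use CREATE LOGIN ... FROM WINDOWS.
CREATE LOGIN app_svc WITH PASSWORD = N'<replace-with-generated-secret>', CHECK_POLICY = ON;
GO
USE AppDb;
GO
CREATE USER app_svc FOR LOGIN app_svc;
GO
-- Role that may only execute the stored procedures in the app schema.
CREATE ROLE app_exec;
GRANT EXECUTE ON SCHEMA::app TO app_exec;
-- No ad hoc table access. Procedures in "app" still reach dbo tables through
-- ownership chaining (assumes both schemas have the same owner).
DENY SELECT, INSERT, UPDATE, DELETE ON SCHEMA::dbo TO app_exec;
-- sp_addrolemember works on older versions; ALTER ROLE ... ADD MEMBER on 2012 and later.
EXEC sp_addrolemember N'app_exec', N'app_svc';
GO

-- Check 1: permissions actually recorded for the app user and its role.
SELECT pr.name AS principal_name,
       pe.state_desc,
       pe.permission_name,
       pe.class_desc,
       CASE pe.class
            WHEN 3 THEN SCHEMA_NAME(pe.major_id)
            WHEN 1 THEN OBJECT_NAME(pe.major_id)
       END AS securable
FROM sys.database_permissions AS pe
JOIN sys.database_principals AS pr
  ON pr.principal_id = pe.grantee_principal_id
WHERE pr.name IN (N'app_svc', N'app_exec');

-- Check 2: who holds sysadmin on the instance. The app login should not
-- appear here, and the list should be limited to the server's administrators.
SELECT m.name AS sysadmin_member, m.type_desc
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = N'sysadmin';
```

This covers only database permissions; access to the data files themselves is controlled by operating system permissions on the server.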