| Author | Topic |
maggie
Starting Member
9 Posts |
Posted - 2004-04-18 : 13:53:01
|
| Hi All

How does one achieve fully encrypting the database so that:

1. The database structure (tables and relationships) are not accessible
2. The data is encrypted
3. The database can be transported and attached to another SQL Server and the entire database is still protected from view
4. Administrators can be locked out completely so that the app takes full control of access

How on earth does one achieve this?

Cheers
Andre |
|
|
Merkin
Funky Drop Bear Fearing SQL Dude!
4970 Posts |
Posted - 2004-04-18 : 19:58:54
|
You can't do that. Administrators will always have total control, if you don't trust your admins, fire them.

The only thing you can do is encrypt some of your data on the way in.

Damian |
 |
|
|
maggie
Starting Member
9 Posts |
Posted - 2004-04-19 : 04:56:34
|
| Hi Merkin

Since over 70% of data theft is internal I guess we should be firing all DBAs - the other 30% will eventually do it. And so it rotates. Human beings are not to be trusted. Most DBAs I know could be classified as human beings.

Time to look at a more serious DBMS - no wonder Linux has taken off like a rocket. MS cannot even provide the tools to secure its own database.

Happy hacking.

Cheers
Andre |
 |
|
|
Merkin
Funky Drop Bear Fearing SQL Dude!
4970 Posts |
Posted - 2004-04-19 : 05:08:12
|
| Wow, what a silly thing to say.

>>Since over 70% of data theft is internal I guess we should be firing all DBAs

Or hire well and treat your staff well enough that they don't want to steal from you.

>>Time to look at a more serious DBMS - no wonder Linux has taken off like a rocket

If you give everyone Root on a Linux box, there isn't anything they can't do.

>>MS cannot even provide the tools to secure its own database.

Name one DBMS that lets you lock out all the admins!

Damian |
 |
|
|
ditch
Master Smack Fu Yak Hacker
1466 Posts |
Posted - 2004-04-19 : 05:10:08
|
| I wonder what hell will break loose if all admins are locked out?

I'm just a developer - not a dba and I think it would be very scary if admins are locked out!

Duane. |
 |
|
|
maggie
Starting Member
9 Posts |
Posted - 2004-04-27 : 15:38:12
|
| Hi All

Thanks for the replies. We really needed to get this clear. We understand from our research that you cannot lock out the admin role from specific databases. We understand that we need to trust the DBA and make sure that the DB is not stolen if we are going to use MSSQL. We now understand that if the DB is attached to another SQL Server instance the sysadmin role has full access to all objects in the DB.

We have looked at a number of third party encryption tools but with the exception of possibly one they cannot really meet our needs. The encryption techniques that are native to MSSQL have been demonstrated to us by independent security experts as insecure and completely breachable.

We have found other Dbs that appear to satisfy our needs. We are still testing but they seem to do exactly what we require. Thanks for clearing up this functionality in respect of MSSQL. We will continue to monitor the development of MSSQL in case their security paradigm changes in which case we can relook at it.

Once again, thanks for the help in clearing this up.

Cheers |
 |
|
|
JimL
SQL Slinging Yak Ranger
1537 Posts |
Posted - 2004-04-27 : 15:56:43
|
| Jeeeeeeeess, it's this thread all over again. http://www.sqlteam.com/forums/topic.asp?TOPIC_ID=34032

I will say this again. Jim's golden rule for data security. (I am sure I am just repeating what others here at SQL Team have said.)

Given enough time and incentive any encryption can be hacked.
If they can't get to it they can't HACK it.
Access protection is the whole key.

If you can't trust your DBA or System Administrator YOU'RE SCREWED.

Jim
Users <> Logic |
 |
|
|
MichaelP
Jedi Yak
2489 Posts |
Posted - 2004-04-27 : 16:08:26
|
| Maggie, what databases have you found that do meet your needs? I'd be interested to see that list.

I'm with Jim. I think that there's no such thing as 100% security. All forms of encryption can be broken in some way (brute force, back doors, rubber hose, weak algorithms, etc).

Michael
<Yoda>Use the Search page you must. Find the answer you will.</Yoda> |
 |
|
|
derrickleggett
Pointy Haired Yak DBA
4184 Posts |
Posted - 2004-04-27 : 16:31:40
|
| Maggie, go away!

Can we please lock this thread. We don't need this worthless discussion again.

http://weblogs.sqlteam.com/derrickl/

On one of the forums at SQLTeam.com, a "development manager" claims they have found a database engine that supports the following:

1. Zero or near zero administration
2. One physical file for the database
3. Simple recovery procedures
4. Physical file protection while at rest and in transit
5. Acceptable performance
6. Scalability
7. Small footprint
8. SQL engine that typically eliminates the need for a DBA.
9. SQL engine with one app supporting 50,000 connections to the database
10. The database is large (in the tetrabytes). --ummmm, okey-dokey. What's a tetrabyte? Will it catch falling blocks and rearrange them in mid-air also?
11. The database has an overall performance of around 30 times faster than engines such as MSSQL and Oracle. --WOW!!!!!!
12. The best of all is that many of these SQL engines run on Linux, Unix, VMS and Windows platforms, giving clients a choice. --blah,blah,blah

If anyone has run across a database platform that supports the above "features", please let me know ASAP. I would like to start using it immediately. (grin)

BTW, this "mistress of lies" works for www.eduadmin.com. Please feel free to visit the website and see screens of the wonderful application this intense development house creates requiring the magnificent database described above. She states she has been developing for over 30 years. What a wealth of incredibly useful lore. Does this look like a terabyte size, high performance, super-duper, high-security database system to you? I think we can cry wolf on this one. If you do find any databases that meet the above specifications though, please let me know. I look forward to the hundreds of responses from vendors. (cough, cough)

Stupid people shouldn't lie. They are too stupid to make it coherent and believable.

Favorite words used: 8 (stupid, lie, coherent, super-duper, blah, WOW, okey-dokey, lore)
Mean level (1-10): 10 (Stupid people should be branded on their foreheads.)
Education level (1-10): 1 (It's possible someone learned something from this. The thousands of replies from vendors could exponentially increase level.)
Entertainment level (1-10): 6 (This is mildly entertaining if you have had to repeatedly endure those Dilbert moments at work.)

Respectfully and lovingly yours,
The MeanOldDBA
derrickleggett@hotmail.com
When life gives you a lemon, fire the DBA. |
 |
|
|
MichaelP
Jedi Yak
2489 Posts |
Posted - 2004-04-27 : 16:50:38
|
| After looking at that website, it appears that the EDUAdmin software was written with a programming environment called Clarion (http://www.softvelocity.com/, formerly http://www.topspeed.com). The Top Speed database is nothing more than a flat file <cough>database</cough>.

<Yoda>Security, there is none. File corruption, rampant it is.</Yoda>

The ideas and views expressed here are mine and mine alone.
I could be wrong, but I doubt it.

Michael
<Yoda>Use the Search page you must. Find the answer you will.</Yoda> |
 |
|
|
Merkin
Funky Drop Bear Fearing SQL Dude!
4970 Posts |
Posted - 2004-04-27 : 19:34:06
|
| Maggie, you are either an idiot, or a troll. It's not just this site you are doing it on either.

You didn't address my point about root users so I'm assuming you are not here for a sensible discussion.

Damian |
 |
|
|
|