How safe are SQL Server 2005 MDF files? (re: security) -


We have started using SQL Server 2005 Express for a project and I have found that in every database its own The MDF / LDF file is whenever we need to duplicate our database (the second SQL Server), we only copy these files and then attach them to the database.

However, I am thinking about the security of these files, if someone from outside receives a copy of them, do they encrypt or can they just attach to them as I am doing? Am I

Thank you, John

They are not encrypted and can be used by any person by the MDF / LDF files can be loaded / attached with read access.

The actual MDF files are required to be protected, so you can take some approaches that you can. (It assumes that it is not possible to use file permissions to lock access, for example if you need protection against users with administrative rights to the machine or direct HDD access.)

    < Li> Use EFS or Encrypting files with bitlocks or files themselves in the same session / references to access files, there is no protection against other applications. But it will protect files (EFS) or any laptop / hard drive (EFS / bitlocker) from another account that is stolen.
  1. Encrypt sensitive data within the database You want to explicitly store the encryption key separately (possibly to use DPAPI, for example). SQL Server 2008 Enterprise Edition introduces a feature called Transparent Database Encryption (), to make this process easier, which clearly does not help much for the 2005 or the express edition. In this case, your best option would be to make custom encryption of sensitive data in your app. (Unfortunately in 2005 it will be required to use either the varbinary field or base 64-encoding encrypted values ​​etc.).
  2. Do not place data locally in the first place (i.e. the local express's Instead use remote SQL Server example). It does not really solve the problem, but it reduces it (you only need to protect the remote instance instead of local local / express copies).

Comments

Post a Comment

Popular posts from this blog

sql - dynamically varied number of conditions in the 'where' statement using LINQ -

I am using my first project LINQ (in mvc), so maybe there's something very simple that I remember. However, a day of searching and experimenting does not work, so it works. I am trying to write a LINQ query (Linux to SQL) in which in many cases where the statement is different from an OR or an AND. We do not know how many conditions are going in the query till runtime. This search is for filter control, where the user can choose multiple criteria for filtering. Select from table where table.col = 1 or table.col = 2 or table.col = 7 .... 'Other number of conditions Before I just create the SQL query as a string, while looping over all the situations. However, it seems that there should be a good way to do this in LINQ. I tried to use Expression trees, but they had a second thought for this moment on my head, where the lambda function was to be executed inside the statement such as: values ​​for matchingRows = matchingRows for each value Where (function (row) row.c...
Read more

asp.net mvc - Dynamically Generated Ajax.BeginForm -

I have a problem with ASP.NET MVC Ajax forms. I generate many Ajax form in a table such as: & Lt; Input type = "submit" name = "activity" value = "add activity" / & gt; & Lt;%}% & gt; & Lt; / TD & gt; & Lt; / TR & gt; & Lt;%}% & gt; So far so good. When I post one of those forms, it gives a partial view in a div, and in this new partial view a new Ajax Beginnform (which is not in Genesis form) This second Ajax Beginnorf is exactly like the ones I got on the table, but when I post it, I do not get the "Ajax Post", but a normal post that sends me to a new page, I do not know whether the two Ajax forms What is the reason for the difference between, why is it the "dynamically generated" Ajax form behaves like a normal HTML form? By the way, I know that I can do it in different ways using javascript, but I would like to understand whether it can only be done using MVC helplars and Ajax lib...
Read more

Debug on symbian -

I am using trk for phone debug This works well for the Holorld project But when I start the project in phone debug mode 1) the load failed 2) TrkProtocolPlugin: to target the specified file Failure (please verify If any body understands what problem I am experiencing, then this problem helps me Pre-release If the application has the privileges assigned (with the appropriate certificate) itemprop = "text" > In your case, I will check: / li> If there is no conflict of application ID with any other application of device If there are problematic commands in the installation package (for example copy copy for non-accessible directories)
Read more