Dav_ix
asked on
Security issues
Hi,
I'm using msde2000. In my app i'm using sql security for the databases. I also provide functions in the application for backup and restore.
My backup function, calls the this sql command: backup database <dbname> to disk = 'fisicalpath'
where fisicalpath is often on a removeable device like pendrive or zipdisks.
On target machine i disabled the trusted connection by denying access to any windows user (particullary BUILTIN\Administrators) so the user can't access to database data directly.
But... If take the file and restore it on a different machine running sql server and it allows me to access any data in the database without any password. Is there a system to protect unautorized access to mdf file even after restore?
I'm using msde2000. In my app i'm using sql security for the databases. I also provide functions in the application for backup and restore.
My backup function, calls the this sql command: backup database <dbname> to disk = 'fisicalpath'
where fisicalpath is often on a removeable device like pendrive or zipdisks.
On target machine i disabled the trusted connection by denying access to any windows user (particullary BUILTIN\Administrators) so the user can't access to database data directly.
But... If take the file and restore it on a different machine running sql server and it allows me to access any data in the database without any password. Is there a system to protect unautorized access to mdf file even after restore?
Nope....you're at the mercy of the users/logins that are available on the target server....
ASKER
I resolved it by myself:
when backing up the database use the following t-sql statement:
backup database <dbname> to disk = 'fisicalpath' with password = 'mypasswordhere'
if you want to restore the database:
restore database <dbname> from disk = 'fisicalpath' with password = 'mypasswordhere'
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.