|
-
Jan 29th, 2002, 03:35 PM
#1
How safe is an encrypted and password-secured MS SQL-Server DB?
Consider I have a DB like that. And there is a stored procedure in it that shouldn't be all too public. How safe is it?
Or rephrased: how hard is it to break into such a DB?
Matter of days, hours, minutes? Skill required?
thanks,
Helger
-
Jan 29th, 2002, 04:44 PM
#2
Hyperactive Member
MSSqlServer 2k is very secure.. But just as with anything.. if someone is REALLY targetting you, they will find a way in
Make sure you are hiding all of your connection strings and not letting them get out into the open
Change your password on a regular basis and only have 1 user with access, you! (no back door)
-mcd
[vbcode]
'*****************************
MsgBox "MCD :: [email protected]", vbInformation + vbOKOnly, "User"
'*****************************
[/vbcode]
-
Jan 29th, 2002, 04:57 PM
#3
 Just how secure is very secure? Any guesses as to how hard it really is to get into a DB (like measured in time or skill or whatever)?
Helger
-
Jan 29th, 2002, 05:00 PM
#4
Hyperactive Member
Well.. that depends on how secure your network is... If your network is tight, then its harder.. if not, then someone who is targeting you could fairly easily get into your db.. if they can get access to a file that has the connection string with the user/pw in it.. its all down hill from there.
how long would it take to hack into your network/webserver? add about 2 minutes to that
-mcd
[vbcode]
'*****************************
MsgBox "MCD :: [email protected]", vbInformation + vbOKOnly, "User"
'*****************************
[/vbcode]
-
Jan 29th, 2002, 05:46 PM
#5
 I'm not interested in network security, sorry. suppose someone has the whole thing somehow on his computer or is sitting right at the server-computer. Now let him try to open the whole thing.
Question: did you ever try this yourself?
thx for the replies,
Helger
-
Jan 29th, 2002, 07:25 PM
#6
PowerPoster
SQL Server 2000 allows your to grant permissions on an object basis. For example, you could let client X only be able to execuate a particular sproc (stored procedure) and not able to do a damn thing else. There are two types of authentication when dealing with SQL Server 2000: Windows Authentication and SQL Server 2000. Since SQL Server 2000 is so tightly integrated with Windows, I would rely on windows authentication.
-
Jan 30th, 2002, 12:14 PM
#7
Black Cat
www.sqlsecurity.com is a good link.
If someone is locally logged on to the SQL Server, they could potentially just delete the database files on the hard disk if they have permission. Physical access is a big security hole -- they could just wear boots and kick the computer.
Josh
Get these: Mozilla Opera OpenBSD
I have books for sale: "MCSD in a Nutshell" and "VB Distributed Exam Cram" - PM me for details. Will also trade for a decent ATX Pentium 2 MB/CPU/RAM combo.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|
Reply With Quote