SQL Server 2008 data protection
https://stackoverflow.com/questions/1438905
-
10-07-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I have a client-server application where a .NET client accesses all the data and stored procedures in a SQL Server 2008 database.
Is there any way to protect all this data so that only the users I create and authorize can access this specific database? Especially the user 'sa' comes to mind. I don't like him to access all my data.
Solution
You cannot prevent the system admin from accessing data, nor should you.
However, no one except the designated dba should have the password for the sa account. If sa doesn't have a password or if lots of people have the password, change that now. If the application accesses through sa, change that immediately.
Other than that way you can best limit access is remove access to all other accounts from the tables and views (including select access) and only allow exec access through the stored procs. That way anyone except the designated admin can only do waht the stored procs do and nothing else. You cannot do this however if you have used any dynamic sql either inthe application or the stored procs which is one reason why dynamic sql is a poor idea.
OTHER TIPS
You can't block sa or another system administrator, as access to the full system is integral to their role. You could try encrypting the data so it's meaningless outside your application, although it might complicate any future reporting needs.
