保护我的数据库文件 [英] Protecting my database files
问题描述
我使用SQL Server 2005前preSS数据库,它是用来与多个客户端的服务器上的Windows .NET应用程序。在用户接入,查看和更新数据通过应用程序。
I have a Windows .net application using SQL Server 2005 Express as database, which is used on a server with multiple clients. The users insert, view and update data via the application.
对于这一点,我必须把.MDF文件的文件夹在服务器上。有没有其他办法?
For this, I have to put the .mdf files in a folder on the server. Is there any other way?
现在在此情况下,任何人都可以采取这些.MDF文件并在它们的SQL服务器和安培打开它们;查看数据库对象,如表,视图和过程。
Now in this case, anybody can take those .mdf files and open them in their SQL Server & view the database objects such as tables,views and procedures.
所以,我要保护我的.MDF文件的高级别或最大的安全性,并确保:
Therefore, I want to protect my .mdf files with high-level or maximum security and ensure that :
-
没人甚至可以从服务器中复制这些文件。
no one can even copy those files from the server.
如果文件被复制,然后他们自己不应该开,
if the files are copied then they themselves should not open,
如果打开了,他们应该要求密码
if opened then they should ask for passwords
所以,请指导我如何实现此安全?
So, please guide me how to implement this security?
另外,我想知道,当有人将数据库文件,那么无论用户,登录,角色也复制不?
Also, I want to know when someone copies the database files, then whether the user, logins, roles are also copied or not?
推荐答案
我们已经调查了这一点。在现实中与SQL防爆preSS,有人可以简单地停止服务并复制数据库文件没有问题。然后,这些可被移植到另一实例。
We have looked into this as well. In reality with SQL Express, someone can simply stop the service and copy the database files without issue. These can then be ported over to another instance.
Windows安全性和是否使用组策略的其他产品或其他一些市场的工具后,可以锁定文件系统是文件系统的安全你最好的赌注。
Windows security and other products whether you use group policy or some other after market tools that can lock down the file system are your best bets for file system security.
我beleive SQL并提供你正在寻找什么,这是TDE加密。可悲的是,这只是在企业版和有多少人没有提供实际的帮助了。
I beleive SQL does offer exactly what you are looking for and that is TDE encryption. Sadly this is only available in Enterprise edition and how many folks does that actually help out.
您也可以直接在你的数据库加密特定列。如果你有一组特定的,你是担心表关于这可能是在当前时间提供与防爆preSS的最佳选择。
You could also encrypt specific columns directly in your database. If you have a certain set of tables that you are worried about this is probably the best option offered with Express at the current time.
看看这篇文章由戴维·皮纳尔:<一href="http://blog.sqlauthority.com/2009/04/28/sql-server-introduction-to-sql-server-encryption-and-symmetric-key-encryption-tutorial-with-script/" rel="nofollow">http://blog.sqlauthority.com/2009/04/28/sql-server-introduction-to-sql-server-encryption-and-symmetric-key-encryption-tutorial-with-script/
Check out this article by Dave Pinal: http://blog.sqlauthority.com/2009/04/28/sql-server-introduction-to-sql-server-encryption-and-symmetric-key-encryption-tutorial-with-script/
我已经尝试过了,它的工作很好地保护您的敏感数据。
I have tried it and it does work well to protect your sensitive data.
这篇关于保护我的数据库文件的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
