How to protect a database from the Server Administrator in Sql Server


Question

We have a requirement from a client to protect the database our application uses, even from their local administrators (Auditors just gave them that requirement).

In their requirement, protecting the data means that the Sql Server admin cannot read, nor modify sensitive data stored in tables.

We could do that with Encryption in Sql Server 2005, but that would interfere with our third party ORM, and it has other cons, like indexing, etc.

In Sql Server 2008 we could use TDE, but I understand that this solution doesn't protect against a user with Sql Server admin rights to query the database.

Is there any best practice or known solution to this problem?

This problem could be similar to the one of having an application hosted by a host provider, and you want to protect the data from the host admins.

We can use Sql Server 2005 or 2008.

Answer

This has been asked a lot in the last few weeks. The answers usually boil down to:

a) If you don't control the application you are doomed to trust the DBA

b) If you do control the application you can encrypt everything with a key only known to the application, and decrypt on the way out. It'll hurt performance a bit (or a lot) though, that's why TDE exists. A variant of this to prevent tampering is to use a cryptographic hash of the values in the column, checking them upon application access.

c) Do extensive auditing, so you can control what your admins are doing.
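The tamper-detection variant from point b), as an added example that is not part of the original answer: the application stores a keyed hash (HMAC-SHA256) next to each sensitive value, using a key that only the application holds, and refuses values whose MAC no longer verifies. The `payroll` table, the key and SQLite as a stand-in for the SQL Server table are all assumptions of this example.

```python
import hashlib
import hmac
import sqlite3

# Constructed key: in a real deployment it lives only with the application
# (e.g. injected from a secrets store), never in the database or on its host.
APP_KEY = b"example-application-only-key-not-for-production"


def column_mac(table: str, row_id: int, column: str, value: str) -> str:
    """Keyed hash over row identity plus value, so a valid (value, mac) pair
    copied from another row also fails verification."""
    msg = f"{table}\x00{row_id}\x00{column}\x00{value}".encode()
    return hmac.new(APP_KEY, msg, hashlib.sha256).hexdigest()


def app_write(conn, row_id: int, salary: str) -> None:
    """Only the application can produce a MAC, because only it holds the key."""
    mac = column_mac("payroll", row_id, "salary", salary)
    conn.execute("INSERT OR REPLACE INTO payroll VALUES (?, ?, ?)", (row_id, salary, mac))


def app_read(conn, row_id: int):
    """Return (value, authentic); the application must not act on a value whose MAC fails."""
    row = conn.execute("SELECT salary, salary_mac FROM payroll WHERE id = ?", (row_id,)).fetchone()
    if row is None:
        return None, False
    salary, mac = row
    return salary, hmac.compare_digest(mac, column_mac("payroll", row_id, "salary", salary))


def demo() -> dict:
    conn = sqlite3.connect(":memory:")  # stand-in for the SQL Server table
    conn.execute("CREATE TABLE payroll (id INTEGER PRIMARY KEY, salary TEXT, salary_mac TEXT)")
    app_write(conn, 1, "50000")
    app_write(conn, 2, "90000")
    results = {"untouched": app_read(conn, 1)[1]}
    # Direct edit by someone with table access, bypassing the application.
    conn.execute("UPDATE payroll SET salary = '95000' WHERE id = 1")
    results["edited"] = app_read(conn, 1)[1]
    # Copying a valid value+MAC pair from row 2 into row 1 is caught too,
    # because the row id is part of the MAC input.
    conn.execute("UPDATE payroll SET salary = (SELECT salary FROM payroll WHERE id = 2),"
                 " salary_mac = (SELECT salary_mac FROM payroll WHERE id = 2) WHERE id = 1")
    results["swapped"] = app_read(conn, 1)[1]
    return results


if __name__ == "__main__":
    print(demo())  # {'untouched': True, 'edited': False, 'swapped': False}
```

A MAC detects modification but does not hide the value; hiding it needs the application-side encryption the answer describes first, and deleted rows are only noticed if the application knows what should exist, which is where the auditing in point c) comes in.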
