I have a database SQL server ,so I have 2 files (mdf and log).
how to protect mdf file from attach
SQL Server Transparent Data Encryption can prevent people from using the files elsewhere unless they have the appropriate certificates.
But if they've gained access to the server to the point where they can access those files directly, you have to consider the possibility that it's completely compromised.
Related
I am looking into implementing Transparent Data Encryption (TDE) on a SQL Azure database. Azure creates backups as .bacpac files. The documentation at TDE mentions that
"Backup files of databases that have TDE enabled are also encrypted by using the database encryption key. "
The documentation does not mention anything about .bak or .bacpac files specifically. Does anyone have experience, and more importantly, official documentation, that TDE will encrypt .bacpac files?
Any pointers and suggestions would be greatly appreciated.
UPDATE:
I was able to find official documentation here TDE Azure . At the bottom of the page it says that .bapacpac files are not ecrypted.
I feel like this is a huge drawback to TDE on SQL Azure, as I really like the feature that prevents .bak files from being restored on another server without the certificate/key used in the TDE.
.bak and .bacpac files are very different. .bak files are copies of the database file pages. .bacpac files are created by scripting out the TSQL statements to recreate the schema of a database and using Bulk Export to query and export the rows of all the tables. See https://msdn.microsoft.com/en-us/library/hh213241.aspx list item #2 under "Before You Begin" to see that .bacpac file data is extracted using bulk operations.
TDE works by encrypting the database file pages, but leaving the in memory version of the files in plaintext so they can be queried. Since .bak files are copies of the database file pages, they are encrypted. Since the data in .bacpac files are the output queries, they are plaintext and unencrypted just as bcp out files are from TDE databases.
I used SQL Server 2008 R2 database in my application, now I want to install the application for my friend. How can I block access to my database tables and stored procedures ?
I removed Windows authentication and SQL Server Management Studio just login with my own user or pass ! But what happen if he opens my database file in other Management Studio in other systems?
Your users should not have access (ACL permissions) to MDF files, ever. Not at all. They should, instead, have database access, and their account should be set to do what you want them to do, and not to do what you don't.
This is a pretty basic question, really; what you need to look into is SQL Server security, so you can figure out how and what to secure your database with users. But you also need proper file security, as I noted above.
Finally... your question makes me wonder; you do know that SQL Server is not necessarily meant to be installed on every single client system, right? You certainly can do that, but it's a server product. If you are installing it on a computer to which the user has admin rights, the game is pretty much over, really.
I have a feature in visual studio which I have never really understood.
I am able to 'right-click' on the App_Data folder and then I am able to select 'Sql Server Database'. I dont really understand how I can create a db using just an mdf file? I thought the sql service was responsible for manipulating these files? And that you have to create the db using the 'sql management studio' interface?
Im confised as to how we can essentially just have a lone file and run a db from it for a website?
You're application is still connecting through the SQL Server service but it can instruct the service to attach to a specific mdf file at runtime through a connection string. e.g.:
"Server=.\SQLExpress;AttachDbFilename=c:\mydbfile.mdf;Database=dbname; Trusted_Connection=Yes;"
All SQL Server databases are represented as one (or more) .mdf files and usually .ldf files as well (ldf is the log file, mdf is the data file.) An .mdf file is a file but it is highly structured and maintained by SQL Server. The way SQL Server uses this file is very different from serving up CSV data, as a simple example. SQL Server breaks the file into pages and serves the requests for reads and writes via this paging system. It is indeed like a file system within a file system. If you think about it it does all make sense. The data has to get persisted to disk and that disk persistence has to come in the form of a file or files.
When you installed Visual Studio you also installed SQL Server Express. This gives you the ability to create and use SQL Server databases.
If you were to deploy your application you would then also need to have a SQL Server (Express) install on the web-server you were using (at least because you don't want to use your development database server in production).
what is the recommendations should i do to prevent anyone from hacking or getting the sql server data base file (MDF File) ?
Note : i use sql server 2005
Some simple recommendations:
Do not expose access to your database server to the internet. It should be behind a firewall that only allows the web server to access it over a particular port (not the default).
Do not allow remote desktop or any other type of similar access from external connections. For internal connections, ensure that the passwords follow some type of policy. For example, require numbers, extended characters, etc.
Keep the database files in the normal data directory for sql server (file security is already set up for you).
Use transparent database encryption: http://msdn.microsoft.com/en-au/magazine/cc163771.aspx#S5 and How to protect the sql server 2005 MDF file
Make sure file sharing is turned off.
Make sure the only people who can access that server are the ones responsible for it.
Read up on sql injection to prevent other access mechanisms.
Use Active Directory security for database user accounts.
Use SSPI for the db connections so that you don't have a username/password stored in your web.config
Make sure that the network connection between your web and database server is encrypted via kerberos.
The same way you would protect any other file on your server.
I'd use a firewall and block every port than isn't needed.
i using sql2005, my hosting company allow me to use 300mb for my sql server. i wand to increase my sql database size
but i have 300GB is available in my FTP account.
Is It possible to create a DNS (some thing like MS ACCESS below) to my FTP account
<%
ConnStringHB = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & Server.MapPath("newdb2.mdb")&";Persist Security Info=False"
%>
hoping ur support
Since you're using SSME, that implies SQL Express.
If SQL Express is running on the same machine as your FTP folder, and if the SQL Server identity has access to that folder, then you can either use SSME to attach to an MDF file in the FTP folder, or use the AttachDbFilename property in your connection string to do it automatically.
However, keep in mind that SQL Express only supports a database size up to 4GB maximum -- so you still wouldn't be able to use the full 300GB, even in the best of circumstances.
Unfortunately, no. FTP is a protocol for transferring files, not for random access on files, which would be required for a database with reasonable performance.