How can i secure my MDF file?

Open Enterpirse Manager and navigate to Security and then expand Logins.
In the Logins delete the entry Builtin\Administrators and specifically add the user whom u want to give access to.

Regards,
Vikram

Vikram at 2007-9-8 >

There is no bulletproof solution that will protect the database from a box admin. You cannot prevent the box admin from being able to read the MDF file, and if he can do that, he can attach it to his own SQL Server installation. The box admin could also attach a debugger to the SQL Server process and try to read passwords.

The main difficulty in protecting the database from the box admin is that the server it is attached to is supposed to read it, so that means there is a way to access it locally, and you cannot hide that method from a determined box admin, you can maybe only make it a little harder for him to find it, that's all.

Thanks
Laurentiu

LaurentiuCristofor at 2007-9-8 >

No way about this question. As maximum is possible to protect only stored precedures with encryption.

renis at 2007-9-8 >

However, you can secure the data with encryption. Identify the actual risks you are worried about and address them individually - the MDF is but a piece of the pie.

Mulhall at 2007-9-8 >

Hi, Renis!

Interesting idea ! Now we have no way to protect MS SQL databases except tricks.

But will it be a reliable solution? - might be MS company will fix this "problem"?

What will happen if SQL Server service try to start with windows account which does not exist - how OS can check the account that used to log on for SQL Server service?

AlexanderDragon at 2007-9-8 >

Wow

This is a real let down.

From an engineers perspective I can see that the only true way to expect encryption of data and structure is runtime implmentation of some integrated on the fly encryption.

Seeing that MS doesn't implement this into the framework of SQL Server, I certainly am not expecting to succeed where they have failed, especially without the source for SQL Server.

So, as to contents ? On the fly encryption

as to DB table structres ? Zilch ?

I SUPPOSE technically SQL Server would have to allow encrypted schema meta data and at runtime force all decrypted info to memory, which is a space hit,

AUGH! -

In a perfect world, if the user had enough memory, the entire MDF could be decrypted ONLY to memory I suppose. I can see no other way that prevents exposing access to a 'file' that is decrypted for an instant. Maybe some kind of 'partially' encrypted workspace on disk as a cache perhaps, where one would always be looking at a 'mix' of encrypted data mixed in with unencrypted, and this no doubt would cause SOME overhead to pull off.

Seeing as it's unfair to request a user to hold 2 GB + of RAM (not that MSDE 2000 is limited to this as to allowed memory, heh, that's only DB size that's capped at 2GB), I can see no way to protect the structure of the MDF from being seen if sp_attachdb is used.

I CAN see 3rd party COM encryption for MSDE 2000 in my case, at the expense to the user for the runtime decryption, which I've not figure out if SQL engine truly does internally or not.

Oh well.

Damn human's - can't trust em ? Isn't THIS the real problem ?

Paindeer

PainDeer at 2007-9-8 >

problem with creating a new admin user is.... another admin can delete the user. Then all the files that have been encrypted can no longer be accessed..... that is very bad!

script at 2007-9-8 >