Dear Friends
I want to use the encryption for the MDF files so that no one can just copy
the data and attach the MDF files to access the database.
When I have done the same the database is in Suspect Mode. Please suggest
what can be the reason.
I also have the following questions.
1. Can another user restore the database backup for the encrypted MDF files?
Thanks in advance.
Best regards
Shailesh|||I don't believe SQL Server supports encrypted files. If you don't want
someone to get ahold of your files then set the security on the box so that
only the people who need access have it. As for backups you should look at
SQL LiteSpeed from www.imceda.com . It allows you to encrypt the backup on
the fly.
Andrew J. Kelly SQL MVP
"Sharad2005" <niitmalad@.yahoo.co.uk> wrote in message
news:9667DEDF-C6BD-4817-BC5E-88941ABE10D2@.microsoft.com...
> Dear Friends
> I want to use the encryption for the MDF files so that no one can just
> copy
> the data and attach the MDF files to access the database.
> When i have done the same the database is in Suspect Mode. Please suggest
> what can be the reason.
> I also have the following questions.
> 1. Can another user restore the database backup for the encrypted MDF
> files.
> Thanks in advance.
> Best regards
> Shailesh|||Hi
Did you encrypt the file/directory when logged in as the SQL Server Service
Account? If not, you need to, as the encryption/decryption can only be done by
one account.
Just be aware, if you change the user's password from Computer Manager / AD
User Manager, the encryption certificate becomes invalid and you lose total
access to the data on the encrypted file/directory.
If you do a SQL Server BACKUP, the resultant backup can be restored by
someone else, as long as it is not encrypted.
Copying the encrypted file to a different location, will result in it being
decrypted.
--
Mike Epprecht, Microsoft SQL Server MVP
Zurich, Switzerland
MVP Program: http://www.microsoft.com/mvp
Blog: http://www.msmvps.com/epprecht/
"Sharad2005" wrote:
> Dear Friends
> I want to use the encryption for the MDF files so that no one can just copy
> the data and attach the MDF files to access the database.
> When i have done the same the database is in Suspect Mode. Please suggest
> what can be the reason.
> I also have the following questions.
> 1. Can another user restore the database backup for the encrypted MDF files.
> Thanks in advance.
> Best regards
> Shailesh|||Hi,
You can use the Encrypted File System support on Windows 2000.
Windows 2000 supports the encrypted file system property.
Below are the steps to encrypt the data files:
1) Log on with the SQL Server startup account
2) Stop the SQL Server and SQL Agent services
3) Right-click the data files, select Properties, click the Advanced button,
check "Encrypt contents to secure data"
4) Start the SQL Server service
See the KB article below for more information:
HOW TO: Encrypt Data Using EFS in Windows 2000
http://support.microsoft.com/defaul...kb;en-us;230520
Note:
If you change the SQL Server startup account you have to redo the same,
otherwise the SQL Server service will not start.
"With EFS, database files are encrypted under the identity of the account
running SQL Server. Only this account can decrypt the files. If you need to
change the account that runs SQL Server, you should first decrypt the files
under the old account, then re-encrypt them under the new account."
Thanks
Hari
SQL Server MVP
"Sharad2005" <niitmalad@.yahoo.co.uk> wrote in message
news:9667DEDF-C6BD-4817-BC5E-88941ABE10D2@.microsoft.com...
> Dear Friends
> I want to use the encryption for the MDF files so that no one can just
> copy
> the data and attach the MDF files to access the database.
> When i have done the same the database is in Suspect Mode. Please suggest
> what can be the reason.
> I also have the following questions.
> 1. Can another user restore the database backup for the encrypted MDF
> files.
> Thanks in advance.
> Best regards
> Shailesh|||Respectfully, EFS by itself is not a complete solution.
If the box is stolen - including the EFS recovery keys, then you are no
better off as the system administrator password can be hacked, the filestore
accessed and voilà!
If you want to protect against this, then research the syskey command and
also read up about EFS recovery agents and make sure you know the full ins
and outs of it, as otherwise it could cost you all your data. It is common
for people to lose data by losing EFS keys.
If some of your data is critical - e.g. columns containing say credit card
numbers, then encrypt it before it is stored and decrypt it when retrieving.
It is easy to code using .Net. This is not an easy solution tho' as you also
have to protect the keys used for encryption and decryption here. If you
want to store some type of passwords - use hashing instead - it is a one way
process. Research SHA1, SHA256 etc.
HTH
"Hari Prasad" <hari_prasad_k@.hotmail.com> wrote in message
news:ut72iu6kFHA.2396@.TK2MSFTNGP12.phx.gbl...
> Hi,
> You can use the Encrypted File System Support on Windows 2000
> Windows 2000 support encrypted file system property.
> Below are the steps encrypt the data files:
> 1) Logon with the SQL Server startup account
> 2) Stop SQL Server and sql agent service
> 3) Right click the data files, select properties, click Advance button,
> check the "Encrypt contents to secure data"
> 4) Start the SQL Server service
> See the below KB for more information:-
>
> HOW TO: Encrypt Data Using EFS in Windows 2000
> http://support.microsoft.com/defaul...kb;en-us;230520
> Note:
> If you change the SQL Server startup accout you have to redo the same,
> otherwise SQL Server service will not start.
>
> "With EFS, database files are encrypted under the identity of the account
> running SQL Server. Only this account can decrypt the files. If you need
> to
> change the account that runs SQL Server, you should first decrypt the
> files under the old account, then re-encrypt them under the new account."
> --
> Thanks
> Hari
> SQL Server MVP
>
> "Sharad2005" <niitmalad@.yahoo.co.uk> wrote in message
> news:9667DEDF-C6BD-4817-BC5E-88941ABE10D2@.microsoft.com...
>
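
A read-only check for the account mismatch discussed in this thread, added here as an example and not written by any of the posters: it reports which SQL Server data files carry the EFS attribute and whether the service's startup account shows up in the `cipher /c` listing for each file. The service name `MSSQLSERVER` and the path `D:\SQLData` are assumed placeholders.

```powershell
# Added example, not from the thread. Both defaults below are assumptions:
# change them to the instance's real service name and data directory.
param(
    [string]$ServiceName = 'MSSQLSERVER',   # default-instance service name (assumed)
    [string]$DataPath    = 'D:\SQLData'     # placeholder data directory
)

# The account the SQL Server service starts as, e.g. DOMAIN\sqlsvc.
$svc = Get-CimInstance Win32_Service -Filter "Name='$ServiceName'"
if (-not $svc) { throw "Service '$ServiceName' not found on this machine." }
$account   = $svc.StartName
$shortName = ($account -split '\\')[-1]     # user part without the domain prefix

Get-ChildItem -Path $DataPath -File |
    Where-Object { $_.Extension -in '.mdf', '.ndf', '.ldf' } |
    ForEach-Object {
        # EFS marks encrypted files with the Encrypted file attribute.
        $isEfs = $_.Attributes.HasFlag([IO.FileAttributes]::Encrypted)

        # cipher /c prints the users and recovery agents able to decrypt the file.
        # Matching the account name in that text is a heuristic: the output is
        # localized, and built-in accounts may be listed under another name.
        $listed = $false
        if ($isEfs) {
            $detail = (cipher /c $_.FullName) -join "`n"
            $listed = $detail -match [regex]::Escape($shortName)
        }

        [pscustomobject]@{
            File           = $_.Name
            EfsEncrypted   = $isEfs
            ServiceAccount = $account
            AccountListed  = $listed
        }
    } | Format-Table -AutoSize
```

A row with `EfsEncrypted` true and `AccountListed` false points to a file encrypted under a different identity than the one SQL Server runs as, which is the situation the replies describe.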