Hi experts, I would like to ask if it is feasible to limit the accessibility of an SA account in SQL 2005 in a specific database. The reason of doing this procedure is since we are deploying a package software to our client(s) we want to secure our own database to get tampered by our client(s).
No its not possible to restrict SA from any database. There are many post on this topic on this forum
check this
http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=1993336&SiteID=1
Madhu
|||Is there any suggestion on how could we secure our Database? for a possible tampering? or changing the data types.|||Create DDL trigger on this database and prevent tampering or log tampering of the db objects. Its very good option avaliable in sql server 2005. Generally, you should remove Built/AdminGroup,Guest from the database. Set strong password for SA
Madhu
|||Thanks to your effort. I will try this for now|||check my blog for some DDL script
http://madhuottapalam.blogspot.com/search?q=ddl+trigger
Madhu|||I just want to emphasize that (as Madhu mentioned) it is not possible to restrict members of sysadmin from any database. Using triggers and other mechanisms to try to avoid tampering can be very helpful for keeping honest people honest and to prevent modifying the schema by mistake, but a sysadmin with enough determination won’t be stopped by such mechanisms.
Thanks,
-Raul Garcia
SDE/T
SQL Server Engine
No comments:
Post a Comment