
Re: How to secure a database ...?

by Annonymous Coward <me@[EMAIL PROTECTED] > Jun 28, 2008 at 12:40 PM

Erland Sommarskog wrote:
> Annonymous Coward (me@[EMAIL PROTECTED]) writes:
>> Not to put too fine a point on it (i.e. to be blunt). I don't want end 
>> users looking "inside" the database (i.e. to see table names, stored 
>> proc names, and be able to analyse stored proc logic etc). Additionally, 
>> I do not want them to be able to run my stored procs (outside the app),
>> in order to attempt to modify/hack the database - apart from 
>> intellectual copyright issues, support/maintenance will become a 
>> nightmare, if users are able to access the database (outside of my app), 
>> and "hack around".
> 
> I'm still not clear over the scenario. Do you work with an application
> that is used inside a corporation and you don't want regular users to
> access the database outside the application, but you agree to permit
> sysadmin people to access it? Or do you sell a general product, and
> don't want your customers to access your database outside the application?
> Since you talk about intellectual property rights, I assume that this is
> your case.
>  
> Again, there is no way that you can prevent anyone who has sysadmin
> rights to access your database. You can make things more difficult
> by adding the WITH ENCRYPTION clause to stored procedure, but this is
> not encryption, only obfuscation, and methods to regain the clear
> text of the procedures can easily be found on Google. 
> 
>> What I currently have (my existing PostgreSQL solution), is that I use 
>> roles grants and sufficiently 'hard' passwords, which are stored 
>> (encrypted) in my application modules. 
> 
> But this is not secure. If the application can decrypt the password, so
> can the user, because the application must get the decryption key from
> somewhere the user has read access.
> 
> You can achieve the same in SQL Server with application roles, but as I 
> pointed out in my previous post, this is not a secure solution on a 
> two-tier application, unless security by obscurity is good enough for 
> you.
> 
>> I want to know if I can have a similar security scheme using SSE. I 
>> would like to know whether the administrator of a machine can still 
>> "override" my security and "use" my database (outside my app), even 
>> though I have grants for specific roles (which require passwords) on the 
>> database objects?
>  
> Yes, they can. And without having seen PostgreSQL, I would be very surprised
> if the case is not the same there.
> 
> In any case, the one place where you should regulate undesired access to
> the database is the license and support agreements.

Thanks for the clarification. It seems there is little incentive for me 
to move (at least at this stage), from PG to SSE (I have written custom 
functions in C that I would have needed to export over to SSE using CLR 
with C# and PInvoke). It seems that there is not much to be gained from 
the moveover for now, as I need to release a version shortly. But thanks 
for your input.
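
The application-role arrangement mentioned in the quoted reply, sketched in T-SQL as an added example that is not part of the original thread. All object names (schema `app`, `app.Orders`, `app.usp_ListOrders`, role `OrderApp`) and the password are hypothetical placeholders; the last query lists the principals that this setup cannot restrict.

```sql
-- Hypothetical objects for illustration only.
CREATE SCHEMA app;
GO
CREATE TABLE app.Orders (OrderId int PRIMARY KEY, Amount money NOT NULL);
GO
CREATE PROCEDURE app.usp_ListOrders
AS
    SELECT OrderId, Amount FROM app.Orders;
GO

-- End users' own database users receive no object permissions, so on their
-- own they can neither execute the procedure nor see it in the catalog views
-- (metadata visibility hides objects a principal has no permission on).

-- Only the application role may execute code in the app schema.
CREATE APPLICATION ROLE OrderApp
    WITH PASSWORD = 'Placeholder-Passw0rd-ChangeMe!',  -- placeholder value
         DEFAULT_SCHEMA = app;
GRANT EXECUTE ON SCHEMA::app TO OrderApp;
GO

-- What the application runs on its connection after the end user logs in.
-- In a two-tier application this password ships inside the client, which is
-- why the reply above calls the scheme obscurity rather than security.
DECLARE @cookie varbinary(8000);
EXEC sys.sp_setapprole
     @rolename      = 'OrderApp',
     @password      = 'Placeholder-Passw0rd-ChangeMe!',
     @fCreateCookie = true,
     @cookie        = @cookie OUTPUT;

EXEC app.usp_ListOrders;            -- allowed while the role is active

EXEC sys.sp_unsetapprole @cookie;   -- revert to the end user's own context
GO

-- Audit: members of sysadmin bypass every permission check above, so this
-- list is the set of logins the role-based scheme does not constrain.
SELECT m.name AS sysadmin_member, m.type_desc
FROM sys.server_role_members AS rm
JOIN sys.server_principals  AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals  AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = 'sysadmin';
```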
 



