MDF file and LDF file theft

  • Question

  • Dear all,

     We are installing applications on a production machine at the client's place. I want to prevent the theft of the MDF, LDF and BAK files, because if they do this they are taking our database architecture. It is a heavy loss for us. How do I prevent them from restoring all the above files from others? Please provide best practice for doing that.

     

    Thanks.

    Saturday, July 9, 2011 5:59 AM

Answers

  • You set up a hosted environment at your site, where your client can evaluate the application without having direct access to the files.

    If you have this concern also after the client has bought the application, you will have to find a hosting solution on a permanent basis. One possibility is to put the application in the cloud on SQL Azure.

    Once you put the files in place at the customer site, there is no technical way to prevent them from doing whatever they want with the files. TDE, Transparent Data Encryption, was mentioned, but this is not a solution. To start with, this feature is available only in Enterprise Edition. And more importantly, it would not help. The client needs to have the encryption key to access the data in the database.

    Possibly you could achieve this with EKM, Extensible Key Management, where the encryption key sits on an external device. But again, this is an Enterprise-only feature, and again, the client must have access to the encryption key.

    From a legal point of view it is different. You need to make sure that you have a strong license agreement which controls what the client may or may not do with the database.


    Erland Sommarskog, SQL Server MVP, esquel@sommarskog.se
    Sunday, July 10, 2011 8:47 AM
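
Added example, not part of the original thread: a T-SQL sketch of a standard TDE setup followed by two checks that make the point above concrete, namely that the whole key chain lives on the instance the client administers. The names `VendorDb` and `TdeCert` and the password are constructed placeholders.

```sql
-- Constructed placeholders: VendorDb, TdeCert, and the password below.
USE master;
GO
-- The database master key in master protects the certificate's private key.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<placeholder-strong-password>';
CREATE CERTIFICATE TdeCert WITH SUBJECT = 'TDE certificate for VendorDb';
GO

USE VendorDb;
GO
-- The database encryption key (DEK) is protected by the server certificate.
CREATE DATABASE ENCRYPTION KEY
    WITH ALGORITHM = AES_256
    ENCRYPTION BY SERVER CERTIFICATE TdeCert;
ALTER DATABASE VendorDb SET ENCRYPTION ON;
GO

-- Check 1: where the key chain lives. encryption_state = 3 means encrypted.
-- The protecting certificate and its private key are stored in master on
-- this same instance, so the instance can decrypt without outside input.
SELECT DB_NAME(dek.database_id)         AS database_name,
       dek.encryption_state,
       c.name                           AS protecting_certificate,
       c.pvt_key_encryption_type_desc   AS private_key_protection
FROM sys.dm_database_encryption_keys AS dek
JOIN master.sys.certificates AS c
     ON c.thumbprint = dek.encryptor_thumbprint;

-- Check 2: which logins are sysadmin and therefore have full control over
-- that certificate and over any database on the instance.
SELECT name, type_desc
FROM sys.server_principals
WHERE type IN ('S', 'U', 'G')
  AND IS_SRVROLEMEMBER('sysadmin', name) = 1;
```

TDE stops an MDF, LDF or BAK file from being attached or restored on a server that lacks the certificate, which helps against a stolen disk or backup tape; it does nothing against the logins returned by the second query.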

All replies

  • >> I want to prevent the theft of the MDF, LDF and BAK files. How do I prevent them from restoring all the above files from others?

     

    Look into Transparent Data Encryption in SQL Server 2008. (Enterprise Edition Only)


    Also, this question was discussed previously in this forum (see the reply from Raul Garcia MSFT):

    http://social.msdn.microsoft.com/Forums/en-US/sqlsecurity/thread/79796d31-615b-4825-af9b-68fc10a935ad/



    • Proposed as answer by Lekss Sunday, July 10, 2011 7:34 AM
    Saturday, July 9, 2011 11:28 AM
  • If you are using SQL Server 2008 and onward, then take a look at the links provided by Chirag. Otherwise, if those users are sysadmin, you won't be able to prevent them from restoring the database.
    Best Regards, Uri Dimant SQL Server MVP http://dimantdatabasesolutions.blogspot.com/ http://sqlblog.com/blogs/uri_dimant/
    Sunday, July 10, 2011 6:27 AM