locked
SQL Server 2005 Confirm Startup files RRS feed

  • Question

  • Is there a way for SQL Server 2005 to confirm that the config files which are used to startup SQL Server have not been modified since the last start?
    Tuesday, September 29, 2009 4:28 PM

Answers

  • I see. I can attempt and answer from a technical viewpoint. Perhaps somebody who is from the US and dealt with this might jump in with a regolatory reply.

    SQL Server read some configuration info from the Windows registry at startup. So, monitoring tampering with this would be a Windows question.

    Then the master database is started and further config info is read from master. Among other things, each other databases is repreasntaten here with the databases mdf file.

    So finally SQL Server read the mdf file for each database, find each other file for the database and starts recovery for the database.
    Tibor Karaszi, SQL Server MVP http://www.karaszi.com/sqlserver/default.asp http://sqlblog.com/blogs/tibor_karaszi
    Tuesday, September 29, 2009 7:19 PM

All replies

  • What config file are you referring to?
    Tibor Karaszi, SQL Server MVP http://www.karaszi.com/sqlserver/default.asp http://sqlblog.com/blogs/tibor_karaszi
    Tuesday, September 29, 2009 6:23 PM
  • I am applying a U.S. government Security Technical Implementation Guide which does not specify the files in question.  What it states is "The DBMS open data files and reads configurations files at system startup.  If the DBMS does not verify the trustworthiness of hte files at startup, it is vulnerable to malicious alterations of it configuration or unauthorized replacment of data."  It continues that there is the possibility that the DBMS does not support this functionality.  I am not aware of SQL Server supporting this functionality.  I am hoping that this forum can either give me some insight on how to implement the requirement or that I can say with confidence "Sorry, I cannot implement this requirement because SQL Server 2005 doe snot support that functionality."

    Any guidance you can give me would be appreciated.

    Tuesday, September 29, 2009 7:13 PM
  • I see. I can attempt and answer from a technical viewpoint. Perhaps somebody who is from the US and dealt with this might jump in with a regolatory reply.

    SQL Server read some configuration info from the Windows registry at startup. So, monitoring tampering with this would be a Windows question.

    Then the master database is started and further config info is read from master. Among other things, each other databases is repreasntaten here with the databases mdf file.

    So finally SQL Server read the mdf file for each database, find each other file for the database and starts recovery for the database.
    Tibor Karaszi, SQL Server MVP http://www.karaszi.com/sqlserver/default.asp http://sqlblog.com/blogs/tibor_karaszi
    Tuesday, September 29, 2009 7:19 PM