How safe are SQL Server 2005 MDF files? (re: security)

We've started using SQL Server 2005 Express for a project and I noticed that every database has its own MDF/LDF files. Whenever we need to duplicate our database (to another SQL Server) we simply copy these files and then attach them to the database.

However, this has me wondering about the security of these files. If somebody from the outside gets a copy of them, are they encrypted or can they simply attach to them like I'm doing? I'm not prompted for any passwords when I copy/attach them myself so I'm a bit nervous.

Thanks, John

They are not encrypted and can be loaded/attached by any person with read access to the MDF/LDF files.

There are a couple of approaches you can take if the actual MDF files need to be protected. (This assumes that merely using file permissions to lock down access isn't feasible, for example if you need to protect against users with Administrative rights to the machine or direct HDD access.)

  1. Use EFS or BitLocker or similar to encrypt the files themselves. This won't protect against other applications in the same session/context accessing the files, but it will protect against other accounts accessing the files (EFS) or someone stealing a laptop/hard drive (EFS/BitLocker).
  2. Encrypt the sensitive data within the database itself. You will obviously want to store the encryption key separately (possibly using DPAPI to protect it, for example). SQL Server 2008 Enterprise Edition introduces a feature called Transparent Database Encryption (TDE) to make this process easier, which obviously doesn't help much for 2005 or Express Edition, unfortunately. Your best option in this case might be to do custom encryption of sensitive data in your app. (Unfortunately in 2005 this will require either using varbinary fields or Base64-encoding encrypted values etc.)
  3. Don't store the data locally in the first place (i.e. use a remote SQL Server rather than a local Express instance). That doesn't truly solve the problem, but it reduces it (you only need to protect the remote instance rather than N local/express copies).
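
An added example (not part of the original answers) of option 2, app-side encryption of a single column value before it reaches the database, so that a copied and re-attached MDF yields only ciphertext for that column. It assumes AES-256-GCM as the cipher and a key loaded from outside the database (for instance a DPAPI-protected blob); `NewFieldCipher`, `SealField`, `OpenField` and the `Customers.CardNumber:42` context string are hypothetical names chosen for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"fmt"
)

// NewFieldCipher builds the AEAD once per key; a 32-byte key selects AES-256.
func NewFieldCipher(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealField returns Base64(nonce || ciphertext || tag) for a text column.
// context (table.column:rowkey) is authenticated but not stored, so a value
// copied into another row or column fails to decrypt.
func SealField(gcm cipher.AEAD, plaintext, context string) (string, error) {
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	raw := gcm.Seal(nonce, nonce, []byte(plaintext), []byte(context))
	return base64.StdEncoding.EncodeToString(raw), nil
}

// OpenField reverses SealField and rejects truncated or modified values.
func OpenField(gcm cipher.AEAD, stored, context string) (string, error) {
	raw, err := base64.StdEncoding.DecodeString(stored)
	n := gcm.NonceSize()
	if err != nil || len(raw) < n+gcm.Overhead() {
		return "", fmt.Errorf("malformed stored value")
	}
	pt, err := gcm.Open(nil, raw[:n], raw[n:], []byte(context))
	return string(pt), err
}

func main() {
	key := make([]byte, 32) // constructed all-zero demo key; load the real one from outside the database
	gcm, _ := NewFieldCipher(key)
	v, _ := SealField(gcm, "4111 1111 1111 1111", "Customers.CardNumber:42")
	fmt.Println(v)
}
```

For a varbinary column, store the raw bytes and skip the Base64 step; the nonce travels with the value, so only the key has to be kept away from the MDF file.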
