Protecting SQL Server database file

Posted 2019-07-14 18:59

Question:

What are the recommendations I should follow to prevent anyone from hacking or getting the SQL Server database file (MDF file)?

Note: I use SQL Server 2005.

Answer 1:

Some simple recommendations:

  1. Do not expose access to your database server to the internet. It should be behind a firewall that only allows the web server to access it over a particular port (not the default).
  2. Do not allow remote desktop or any other type of similar access from external connections. For internal connections, ensure that the passwords follow some type of policy. For example, require numbers, extended characters, etc.
  3. Keep the database files in the normal data directory for SQL Server (file security is already set up for you).
  4. Use transparent database encryption: http://msdn.microsoft.com/en-au/magazine/cc163771.aspx#S5 and "How to protect the sql server 2005 MDF file".
  5. Make sure file sharing is turned off.
  6. Make sure the only people who can access that server are the ones responsible for it.
  7. Read up on SQL injection to prevent other access mechanisms.
  8. Use Active Directory security for database user accounts.
  9. Use SSPI for the db connections so that you don't have a username/password stored in your web.config.
  10. Make sure that the network connection between your web and database server is encrypted via Kerberos.
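
Item 9 of the answer above can be checked mechanically. The following is an added example, not part of the original answer: a small audit that flags `web.config` connection strings which store credentials or do not use integrated (SSPI) authentication. The sample config, server and database names, and function names are constructed for illustration, and the parser assumes values contain no quoted semicolons.

```python
import xml.etree.ElementTree as ET

# Constructed sample web.config (not from the original page).
SAMPLE_WEB_CONFIG = """<configuration>
  <connectionStrings>
    <add name="WeakSqlAuth"
         connectionString="Data Source=db01;Initial Catalog=Shop;User ID=webapp;Password=CHANGE_ME" />
    <add name="Integrated"
         connectionString="Data Source=db01;Initial Catalog=Shop;Integrated Security=SSPI" />
    <add name="Mixed"
         connectionString="Server=db01;Database=Shop;Trusted_Connection=yes;pwd=CHANGE_ME" />
  </connectionStrings>
</configuration>"""

CREDENTIAL_KEYS = {"password", "pwd", "user id", "uid", "user"}
INTEGRATED_KEYS = {"integrated security", "trusted_connection"}
TRUE_VALUES = {"sspi", "true", "yes"}

def parse_connection_string(raw):
    """Split 'key=value;...' into a dict with lower-cased, trimmed keys."""
    pairs = {}
    for part in raw.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            pairs[key.strip().lower()] = value.strip()
    return pairs

def audit_web_config(xml_text):
    """Return {name: [findings]} for each <connectionStrings>/<add> entry."""
    findings = {}
    root = ET.fromstring(xml_text)
    for add in root.findall("./connectionStrings/add"):
        pairs = parse_connection_string(add.get("connectionString", ""))
        issues = []
        stored = sorted(k for k in pairs if k in CREDENTIAL_KEYS)
        if stored:
            issues.append("stored credentials: " + ", ".join(stored))
        integrated = any(pairs.get(k, "").lower() in TRUE_VALUES for k in INTEGRATED_KEYS)
        if not integrated:
            issues.append("not using integrated (SSPI) authentication")
        findings[add.get("name")] = issues
    return findings

if __name__ == "__main__":
    for name, issues in audit_web_config(SAMPLE_WEB_CONFIG).items():
        print(name, "->", issues or "OK")
```

The `Mixed` entry shows the case worth catching in review: integrated authentication is enabled, yet a leftover password still sits in the file.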


Answer 2:

The same way you would protect any other file on your server.



Answer 3:

I'd use a firewall and block every port that isn't needed.