How can we protect our data from the database administrator?

I have very confidential data in my database. I am trying to protect my data from the DBA.

I am a member of the development team. We develop our software and deploy it on a server that has its own DBA. We have limited control over the server.

In this case, how can I prevent the server's DBA from looking up my data and deny them the ability to make changes to it?

Is it possible?

+7
security sql-server
4 answers

You can always encrypt all the data entering the database.

However, the DBA will have full control over this data - they will not be able to decrypt it, but they will be able to read it (in encrypted form), update it, and even delete it. There is nothing you can do about it.

You really need to rethink the situation - how can you work with a database administrator that you cannot trust? Most places have a service agreement that prohibits database administrators from doing certain things. You should rely on such confidence if you do not think your database administrators are trustworthy.

+6

Encrypt on the client side, only send and store encrypted data in the database.

In an instance of SQL Server, sysadmin can do everything and cannot be blocked.

Some thoughts ... why is your development team more trusted than the only database administrator, who I think is looking after more than one SQL Server window? Can you explain more, please?

+5

In Oracle, you can use the database repository option.

+1

There are 2 ways:

1. Manual encryption/decryption with a password (only a person who knows the password can encrypt/decrypt)

2. Automated (inside the code) encryption/decryption (the developer who wrote the code can see the data)

Add a CRC to check whether the data has been changed. Keep a backup copy of the sensitive data for recovery if it is deleted or changed.

+1
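
An added example, not part of any answer above: it compares the change check suggested in the last answer (an unkeyed CRC stored beside the value) with a keyed HMAC bound to the row id, using an in-memory SQLite table as a stand-in for the real database. The table layout, key and sample values are constructed assumptions; `value` stands for whatever the application stores (ciphertext in the encrypt-on-the-client design).

```python
import hashlib
import hmac
import sqlite3
import zlib

# Constructed demo key; in practice it stays with the application, never on the DB server.
APP_KEY = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)

def crc_tag(value: str) -> str:
    """Unkeyed checksum: anyone who can write the row can recompute it."""
    return format(zlib.crc32(value.encode()), "08x")

def mac_tag(row_id: int, value: str, key: bytes = APP_KEY) -> str:
    """Keyed tag bound to the row id, so a value copied from another row fails."""
    msg = row_id.to_bytes(8, "big") + value.encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def verify(db: sqlite3.Connection, row_id: int) -> dict:
    """Return which of the two checks the stored row currently passes."""
    value, crc, mac = db.execute(
        "SELECT value, crc, mac FROM secrets WHERE id = ?", (row_id,)
    ).fetchone()
    return {
        "crc_ok": hmac.compare_digest(crc, crc_tag(value)),
        "mac_ok": hmac.compare_digest(mac, mac_tag(row_id, value)),
    }

def demo() -> dict:
    db = sqlite3.connect(":memory:")  # stand-in for the production database
    db.execute("CREATE TABLE secrets (id INTEGER PRIMARY KEY, value TEXT, crc TEXT, mac TEXT)")
    for row_id, value in [(1, "limit=100"), (2, "limit=900000")]:  # constructed rows
        db.execute("INSERT INTO secrets VALUES (?, ?, ?, ?)",
                   (row_id, value, crc_tag(value), mac_tag(row_id, value)))
    before = verify(db, 1)
    # A privileged edit made directly in the database: new value plus a recomputed CRC.
    db.execute("UPDATE secrets SET value = ?, crc = ? WHERE id = 1",
               ("limit=999", crc_tag("limit=999")))
    edited = verify(db, 1)
    # Row 2's value, CRC and MAC copied over row 1: only the row-bound MAC notices.
    v2, c2, m2 = db.execute("SELECT value, crc, mac FROM secrets WHERE id = 2").fetchone()
    db.execute("UPDATE secrets SET value = ?, crc = ?, mac = ? WHERE id = 1", (v2, c2, m2))
    copied = verify(db, 1)
    return {"before": before, "edited": edited, "copied": copied}

if __name__ == "__main__":
    print(demo())
```

Neither check prevents deletion or rollback of a row to an older valid state, which is why the backup mentioned in the answer is still needed.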