Friday, January 20, 2006

SQL Sever & file permissions

In the course of trying to track down a problem running the application i'm involved in developing at the moment, I stumbled across the following article describing what SQL Server does with file permissions when it attaches to a database file.
The article states that for security reasons it changes the file permissions so that if a file has been placed in an insecure folder, then it attempts to protect it from someone without the privileges from moving or deleting it.
It seems to me to be a little mis-guided. Firstly, I would assume that it's the responsibility of the DBA, to place all database files in an appropriate place with appropriate permissions to the various users that require access. The secure by default paradigm is all well & good, but there is no way to turn this behavior off. Secondly, it doesn't really achieve anything. If a DBA has been dumb enough to place a vitally important database file in a folder that anyone has full control over, then if SQL Server is not attached, the user can easily cut & paste the folder wherever they want which will have the same effect as moving the original file.

Maybe i'm not seeing something here, I can't really see the need for this.

No comments:

Post a Comment