StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

PO
primarykey
Id
932797
data
AcceptedAnswerId
0
AnswerCount
0
ClosedDate
CommentCount
1
CommunityOwnedDate
CreationDate
2009-05-31T20:33:25.857
FavoriteCount
0
LastActivityDate
2009-05-31T20:33:25.857
LastEditDate
LastEditorUserId
0
OwnerUserId
105929
ParentId
932728
PostTypeId
2
Score
5
ViewCount
0
LastEditorDisplayName
text
Body
Anything you do at the server level the admin can undo. That's the very definition of its role and there's nothing you can do to prevent it. In SQL 2008 you can request auditing of the said SQL server with X events, see <a href="http://msdn.microsoft.com/en-us/library/cc280386.aspx" rel="noreferrer">http://msdn.microsoft.com/en-us/library/cc280386.aspx</a>. This is CC compliant solution that is tamper evident. That means the admin can stop the audit and do its mischievous actions, but the stopping of the audit is recorded. In SQL 2005 the auditing solution recommended is using the <a href="http://msdn.microsoft.com/en-us/library/ms187346.aspx" rel="noreferrer">profiler infrastructure</a>. This can be made tamper evident when correctly deployed. You would prevent data changes with triggers and constraints and audit DDL changes. If the admin changes the triggers, this is visible in the audit. If the admin stops the audit, this is also visible in the audit. Do you plan this as a one time action against a rogue admin or as a feature to be added to your product? Using digital signatures to sign all your application data can be very costly in app cycles. You also have to design a secure scheme to show that records were not deleted, including last records (ie. not a simple gap in an identity column). Eg. you could compute <a href="http://msdn.microsoft.com/en-us/library/ms188920.aspx" rel="noreferrer">CHECSUM_AGG</a> over <a href="http://msdn.microsoft.com/en-us/library/ms173784.aspx" rel="noreferrer">BINARY_CHECKSUM(*)</a>, sign the result in the app and store the signed value for each table after each update. Needles to say, this will slow down your application as basically you serialize every operation. For individual rows cheksums/hashes you would have to compute the entire signature in your app, and that would require possibly values your app does not yet have (ie. the identity column value to be assigned to your insert). And how far do you want to go? A simple hash can be broken if the admin gets hold of your app and monitors what you hash, in what order (this is trivial to achieve). He then can recompute the same hash. An HMAC requires you to store a secret in the application which is basically impossible against a a determined hacker. These concerns may seem overkill, but if this is an application you sell for instance then all it takes is for one hacker to break your hash sequence or hmac secret. Google will make sure everyone else finds out about it, eventually. My point is that you're up the hill facing a loosing battle if you're trying to deter the admin via technology. The admin is a person you trust and if this is broken in your case, the problem is trust, not technology.
Tags
Title
singulars
PostAcceptedAnswerId
1. This table or related slice is empty.
PostParentId
1. POSQL Server Database securing against clever admins?
 singulars
 PostTypePostTypeId
 PTQuestion
PostTypePostTypeId
1. PTAnswer
UserLastEditorUserId
1. This table or related slice is empty.
UserOwnerUserId
1. USRemus Rusanu
plurals
PostLinksPostIdRelatedPostId
1. This table or related slice is empty.
PostLinksRelatedPostIdPostId
1. This table or related slice is empty.
PostsAcceptedAnswerId
1. POSQL Server Database securing against clever admins?
 singulars
 PostTypePostTypeId
 PTQuestion
PostsParentIdCreationDate
1. This table or related slice is empty.
VotesPostIdCreationDate
1. VO
 singulars
 PostPostId
 PO
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
2. VO
 singulars
 PostPostId
 PO
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
3. VO
 singulars
 PostPostId
 PO
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
CommentsPostId
1. CO+1 good answer, helpful tips on auditing. do your best to avoid unintentional changes (constraints, triggers, auditing), and to detect intentional changes, but in the end, it boils down to a problem of trust.
 singulars
 PostPostId
 PO
 UserUserId
 USspencer7593

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.