4  

Depending on the type of data I'm not sure that encryption is necessary providing you secure access to the system and the database itself. All of our production database servers are behind a firewall. Only systems that are on the administrative network are allowed access through the firewall and then only on specific, required ports. Database servers don't host web servers.

根据数据类型,我不确定加密是否必要,为您提供对系统和数据库本身的安全访问。我们所有的生产数据库服务器都在防火墙之后。只允许管理网络上的系统通过防火墙进行访问,然后才能访问特定的所需端口。数据库服务器不承载Web服务器。

Access to the database servers themselves is strictly limited to DBAs and platform support personnel. They use administrative logins, not their personal login ids. That way if their personal account is compromised the database servers aren't.

对数据库服务器本身的访问严格限于DBA和平台支持人员。他们使用管理登录,而不是他们的个人登录ID。这样,如果他们的个人帐户被泄露,则数据库服务器不会。

For web servers only web admins and platform support have access (I happen to wear two hats, web developer and web admin, although that is rare in our organization).

对于Web服务器,只有Web管理员和平台支持才能访问(我碰巧戴两个帽子,Web开发人员和Web管理员,尽管在我们的组织中这种情况很少见)。

Developers have access to shares where they can publish their application, usually coordinated with the web admin for any setup/configuration. Some senior developers are given administrator access to databases in order to create/modify schemas.

开发人员可以访问他们可以发布应用程序的共享,通常与Web管理员协调以进行任何设置/配置。一些高级开发人员被授予管理员访问数据库的权限,以便创建/修改模式。

Usually, what happens is you develop using a locally installed database server, upload code to QA servers that have a little looser access policy, but are only accessible from company networks, then have the DBAs copy the database schema and roles to production and publish your app to the production web server.

通常情况下,您使用本地安装的数据库服务器开发,将代码上载到具有更松散访问策略的QA服务器,但只能从公司网络访问,然后让DBA将数据库架构和角色复制到生产并发布您的应用程序到生产Web服务器。

Web apps are often configured to run under limited credential service accounts which have read/write, but not admin, access to the database. I typically encrypt any part of my web.config that contains connection information as well.

Web应用程序通常配置为在有限的凭据服务帐户下运行,该帐户具有对数据库的读/写但不具有管理权限的访问权限。我通常会加密包含连接信息的web.config的任何部分。

The general idea is to give enough access to get your job done without too much bother, but limit access to the minimum required.

一般的想法是提供足够的访问权限以完成工作而不必过多麻烦,但限制访问所需的最低要求。

Oh. And no "real" data on development or QA servers.

哦。并且没有关于开发或QA服务器的“真实”数据。

[EDIT] We don't keep SSNs or credit card numbers. If you do, you'll need to be even more careful. Most of my apps do access logging, some are required to due to HIPPA, but I find that it is a good practice for just about anything meaningful

[编辑]我们不保留SSN或信用卡号码。如果你这样做,你需要更加小心。我的大多数应用程序都会访问日志记录,有些是由于HIPPA所必需的,但我发现对于任何有意义的事情都是一个很好的做法

1  

Well the developers should probably do all their work on a development database that doesn't contain sensitive information to start with.

那么开发人员可能应该在一个不包含敏感信息的开发数据库上完成所有工作。

1  

Here in the UK we have legislation known as the Data Protection Act. If you worked for a UK company I would advise you to speak to your company's 'data controller' (being the individual whom the Information Commissioner's Office can pursue legally in instances of non-compliance) and they will be able to furnish you with a definitive answer about what 'secure' means as regards the data in question, probably enshrined in a written company policy.

在英国,我们的立法称为“数据保护法”。如果您在一家英国公司工作,我会建议您与贵公司的“数据控制者”(信息专员办公室可以在违规情况下合法追求的个人)交谈,他们将能够为您提供最终信息。回答关于有问题的数据的“安全”意味着什么,可能包含在公司书面政策中。

If you are in the US I'd guess your corporation might have a bunch of highly paid lawyers who will be able to similarly give a definitive answer :)

如果你在美国,我猜你的公司可能会有很多高薪律师能够同样给出明确答案:)

I'm no legal expert but would suggest that obfuscating data does not make it fit for any purposes other than that for which it was obtained e.g. integration testing by developers using obfuscated 'real life' data is probably a no-no.

我不是法律专家,但会建议混淆数据不能使其适用于除获得数据之外的任何其他目的。开发人员使用混淆的“现实生活”数据进行集成测试可能是禁忌。

0  

You need to pratice standard security for a windows server. A good place to start is to use integrated logins rather that SQL logins.

您需要为Windows服务器提供标准安全性。一个好的起点是使用集成登录而不是SQL登录。

You will need to study the books on-line. You can give some users read-only access. Others can be denied access to sensitive tables.

你需要在线学习这些书。您可以为某些用户提供只读访问权限。其他人可能被拒绝访问敏感表。

0  

I would use Active Directory to control access to SQL Server or any network resource. By grouping the users and applying security to the group, it will make it so much easier to make changes in the future.

我会使用Active Directory来控制对SQL Server或任何网络资源的访问。通过对用户进行分组并将安全性应用于组,可以使将来更容易进行更改。

Here is a guide from Microsoft on SQL Server 2005 Security Best Practices: http://download.microsoft.com/download/8/5/e/85eea4fa-b3bb-4426-97d0-7f7151b2011c/SQL2005SecBestPract.doc *Note: it downloads a Word document, so you will need MS Word or the MS Word viewer

以下是Microsoft关于SQL Server 2005安全最佳实践的指南:http://download.microsoft.com/download/8/5/e/85eea4fa-b3bb-4426-97d0-7f7151b2011c/SQL2005SecBestPract.doc *注意:它下载Word文档,因此您需要MS Word或MS Word查看器

This document has a lot of detail so you may want to grab some coffee first :).

这份文件有很多细节,所以你可能想先喝点咖啡:)。

However, I agree with the others, active development shouldn't happen against production data. We currently use a process of cleaning production data before it gets to the QA or Dev environments.

但是,我同意其他人的意见,积极的发展不应该发生在生产数据上。我们目前在进入QA或Dev环境之前使用清理生产数据的过程。

Another option we explored is developing a solution to generate data for Dev and QA.

我们探索的另一个选择是开发一个为Dev和QA生成数据的解决方案。