on 2012 Jan 20 3:45 AM
Hello,
We are looking into several security concerns, and we are wondering if it would be possible to disable the creation of a backup of a Sybase SQL Anywhere 11.0.1 database. We currently often use DBBackup.exe to create a backup of a database. However, there are some databases running in the field where we would like to block this possibility from any user. I have found in the Authorities of a user the checkbox "backup" "required to perform database backups", however think that the DBA also has this possibility. Would it be possible to block this from the DBA aswell, or have a database without a DBA user ? (that last doesn't seem possible)
Kind regards,
Michael
Some suggestions:
That may rather limit your possibilities...
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
By definition DBA can do anything - they are the owner of the database. I don't think that a database could exist without one.
I suspect the answer to your problem is to ensure that the DBA password is NEVER distributed and that clients in the field connect with a lower level of authority. You may also want to look at database encryption so that the database file cannot be hacked directly.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Well, we do use databases without a DBA (actually still with a DBA, however the DBA user has not password and cannot connect anymore - just like these particular SYS and dbo users), but these are SQL remote databases, and they can "re-gain" a DBA "from outside" by means of passthough mode. Something similar might be possible with MobiLink clients (but I'm not sure). So that's a very particular situation.
For a single database, I don't think it even makes sense to drop any user with DBA priviledge - you would not be able to alter anything general afterwards...
FWIW, I just tested with the v12 demo: You are able to revoke the DBA priviledge from a DBA user, and she cannot do backup afterwards (unless the BACKUP priviledge is set explicitly). However, as stated, you won't be able to change the back if there's no other user with DBA priviledge...
User | Count |
---|---|
68 | |
10 | |
10 | |
7 | |
6 | |
6 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.