Please start any new threads on our new
site at https://forums.sqlteam.com. We've got lots of great SQL Server
experts to answer whatever question you can come up with.
| Author |
Topic |
|
nonword
Starting Member
2 Posts |
 Posted - 2008-02-05 : 12:14:40
|
| We frequently send a database backup to one of our vendors so they can load our database and investigate a problem we've discovered with their software. The database backup is obtained via EM > Backup Database. Should we be concerned about the resultant backup containing any sensitive data? Is there any possibility for the recipient to extract login credentials from the backup? Since migrating SQL Server users is its own process I'm 90% sure we have nothing to worry about, but I'd like to know for sure.Much thanks! |
|
|
CShaw
Yak Posting Veteran
65 Posts |
Posted - 2008-02-05 : 16:36:42
|
| It depends on what you consider sensitive data. If there was a SSN in there or other data that is internal to the database itself then I would consider that to be sensitive, and I would be concerned about the data that was in there.From the sound of your question I think you may be asking if the passwords are being stored inside the database. If I stated that correctly the answer is no, SQL Server Login Passwords are stored in the master database and are encrypted. Logins them selfs without passwords can be recovered from a User Database, and that is a place to start. If the application uses its own type of security then those may be in there and the vendor will know where to find them if they want them.Chris Shawwww.SQLonCall.com |
 |
|
|
nonword
Starting Member
2 Posts |
Posted - 2008-02-05 : 17:01:29
|
| Thank you very much Mr. Shaw. Indeed when I said 'sensitive data' I meant sql server login passwords - not the user-defined data that I know to be in the database. Thanks for your help. |
|
|
|
|
|
|
backups contain sensitive data?