Presents your SQL SERVER E-NEWSLETTER for June 5, 2003 <-------------------------------------------> BEWARE OF POTENTIAL PASSWORD HAZARDS DURING BACKUPS When creating a backup, you can specify a password for the media set, the backup set, or both. Defining passwords for either set is an optional feature of the BACKUP statement. Securing backups with passwords may seem instinctual, but there are some things to keep in mind so you don't lock yourself out of your own backup or, more importantly, give yourself a false sense of security. Watch out for these four potential password pitfalls: * Passwords will typically prevent unauthorized restores and appends of backup sets to media. Passwords do not prevent overwriting of media with the FORMAT option. So, while passwords can protect content from unauthorized access with SQL Server tools, they can't protect content from being destroyed. * While BACKUP passwords can prevent access to content with SQL Server tools, they cannot prevent access to content from outside software. Data in backup sets aren't encrypted, so any program designed specifically for this purpose could examine it. To maintain high security, make sure unauthorized personnel cannot access your media. * If you must use passwords on media sets as well as backup sets, the user will need to belong to the appropriate fixed server role (sysadmin) or fixed database role (db_owner or db_backupoperator). If users have the right passwords but not the right role membership, they won't be able to execute any BACKUP operations. * Passwords can also cause problems during backups with ownership and permission on the backup device's physical file. SQL can't write the backup to the device if it doesn't have permission. Problems on the backup device's physical file usually don't appear until the physical resource is accessed when the backup or restore is attempted. If you haven't used this device before, make sure SQL has the permissions it needs to physically access the device. ----------------------------------------