>Hi,
>
>I have some simple question on SQL server 2000.
>
>01) Why is it that when I detach a DB, change the SA password, then attach back the DB, I can still view the attached DB content. Should it be asking me for the old password before it can view the content ? Any way to implement such that the content cannot be view at all ?
>
>02) If I want to protect my DB from user looking at my table structure and SP (stored procedure and views), any way or method to implement it ? I know that encryption of SP will not help much as there are third party tool to decrypt it back.
>
>03) I just want to prevent unauthorized user from copying back my DB. Is encryption of the whole DB the only way, any other better way or method. Pleae advise.
>
>Thank you

01) Security data is stored in Master, not in user databases.

02) There is no way to hide the tables/columns/foreign keys from any login that has db_reader permissions. The only way to protect the database structure from reverse engineering is to keep the database on your server and encrypt the connection string if it is saved in a file that is accessible to a user.

03) Does this question relate to detaching and sending the detached DB to a remote system? You can certainly encrypt the files during transmission. However, you cannot put the attached database files in NT compressed folders or volumes.

The bottom line is that if the database is part of a user's SQL Server, they can easily get to everything except encrypted stored procedures. If the database remains on your SQL Server, you only have to restrict access to a single login that is created for your application and hide/encrypt that login information to protect the database.