SQL Server 安全性SQL Server Security

SQL Server 具有許多功能,可支援安全資料庫應用程式的建立。SQL Server has many features that support creating secure database applications.

資料竊取或破壞等一般的安全性考量,則適用於所有的 SQL Server 版本。Common security considerations, such as data theft or vandalism, apply regardless of the version of SQL Server you are using. 資料完整性也應視為安全性問題。Data integrity should also be considered as a security issue. 如果資料未受保護,可以對其進行臨機操作 (Ad Hoc),或用能夠用錯誤的值不小心或惡意地加以修改或全部刪除,資料就可能變得毫無價值。If data is not protected, it is possible that it could become worthless if ad hoc data manipulation is permitted and the data is inadvertently or maliciously modified with incorrect values or deleted entirely. 此外,也經常會有必須遵循的法律需求,例如機密資訊的正確儲存方式等。In addition, there are often legal requirements that must be adhered to, such as the correct storage of confidential information. 依照特定管轄區適用的法律而定,某些類型的個人資料可能完全不得儲存。Storing some kinds of personal data is proscribed entirely, depending on the laws that apply in a particular jurisdiction.

如同每個 Windows 版本,每個 SQL Server 版本都具有不同的安全性功能,而越新的版本功能越強。Each version of SQL Server has different security features, as does each version of Windows, with later versions having enhanced functionality over earlier ones. 單靠安全性功能並不足以確保資料庫應用程式的安全,瞭解這點是很重要的。It is important to understand that security features alone cannot guarantee a secure database application. 每個資料庫應用程式的需求、執行環境、部署模型、實體位置和使用者族群都有其獨特性。Each database application is unique in its requirements, execution environment, deployment model, physical location, and user population. 某些具有本機範圍的應用程式可能只需要最低的安全性,而其他的本機應用程式或透過 Internet 部署的應用程式卻可能需要嚴謹的安全性措施及持續不斷的監控和評估。Some applications that are local in scope may need only minimal security whereas other local applications or applications deployed over the Internet may require stringent security measures and ongoing monitoring and evaluation.

您應該在設計階段考量 SQL Server 資料庫應用程式的安全性需求,而不是事後才加以考量。The security requirements of a SQL Server database application should be considered at design time, not as an afterthought. 提早在開發週期中評估威脅,可增加在偵測到安全性漏洞時減少可能損害的機會。Evaluating threats early in the development cycle gives you the opportunity to mitigate potential damage wherever a vulnerability is detected.

即使一開始的應用程式設計安全無虞,隨著系統的演進,新的威脅也可能會出現。Even if the initial design of an application is sound, new threats may emerge as the system evolves. 藉由在資料庫周圍築起多道防線,您可以將安全性破壞所造成的損傷減至最少。By creating multiple lines of defense around your database, you can minimize the damage inflicted by a security breach. 您的第一道防線是絕不授與比絕對必要多的權限,藉此而減少可能受到攻擊的表面區域。Your first line of defense is to reduce the attack surface area by never to granting more permissions than are absolutely necessary.

本節中的主題簡要說明與開發人員相關的 SQL Server 安全性功能,並提供連結至《SQL Server 線上叢書》中的相關主題以及提供更深入探討的其他資源。The topics in this section briefly describe the security features in SQL Server that are relevant for developers, with links to relevant topics in SQL Server Books Online and other resources that provide more detailed coverage.

本節內容In This Section

SQL Server 安全性概觀Overview of SQL Server Security
說明 SQL Server 的架構和安全性功能。Describes the architecture and security features of SQL Server.

SQL Server 中的應用程式安全性案例Application Security Scenarios in SQL Server
包含討論 ADO.NET 和 SQL Server 應用程式之各種應用程式安全性案例的主題。Contains topics discussing various application security scenarios for ADO.NET and SQL Server applications.

SQL Server Express 安全性SQL Server Express Security
說明 SQL Server Express 的安全性考慮。Describes security considerations for SQL Server Express.

SQL Server 資料庫引擎和 Azure SQL Database 的資訊安全中心Security Center for SQL Server Database Engine and Azure SQL Database
說明 SQL Server 和 Azure SQL Database 的安全性考慮。Describes security considerations for SQL Server and Azure SQL Database.

SQL Server 安裝的安全性考慮Security Considerations for a SQL Server Installation
說明安裝 SQL Server 之前要考慮的安全性考慮。Describes security concerns to consider before installing SQL Server.

另請參閱See also