How can I ensure that all data that I've erased from the db tables is no longer stored in the mdb files (and others) on the hard disk?

Here's my situation:
My client used to store non-encrypted credit card data, in their database (SQL Server). Thanks to PCI requirements, they now encrypt all that data... However, the mdb file still has some of the old, unencrypted CC written to it.
We've verified that there are no more CC's in the database; we've compressed the database; we've backed it up to a file and restored it anew, to a new database; we've even run sp_cleandb.
Yet, still, when we analyze the persisted file on disk, we still find a handful of non-encrypted CCs - that are not stored in the DB, they're not part of SPs, views, or UDFs, and they do not appear in any table metadata.

So, my question - how can I ensure all the "bad" CC data is gone? Or, more generally, how do I force MSSQL to store only current data, and clean the file from any "garbage"?

+5  A: 

Based on what you've done, I'd suggest creating a new database, and moving all your data into that.

That way you know you're only working with your new data, and no legacy data will somehow be stored in files.

Bravax
Thanks, was my first thought too - but this is a large, production database, unfortunately it's not really an option.
AviD
+1  A: 

Have you tried freeing up unused space in the database files (and log files)?

Peter Lillevold
Yep, as I said through compression, backup, sp_clean, etc. Do you know any other mechanism?
AviD
+1  A: 

To be absolutely sure:

  • dump your data in some textual format, such as CSV
  • search the CSV for any unencrypted data & remove it
  • create a new empty database
  • load the CSV into the new database
anon
Thanks, but not really an option - large production database...
AviD
+1  A: 

  • script out the database
  • bulk copy the data out to flat files
  • look in the flat files for unencrypted data
  • drop the database
  • delete the database files with a secure delete: http://www.snapfiles.com/Freeware/security/fwerase.html
  • create a new database on the server with your scripts
  • load the data from the flat files

KM
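
Added example, not part of any answer on this page: one way to do the "search the CSV" / "look in the flat files" step, and the question's check of the file on disk, is to scan raw bytes for Luhn-valid 13-19 digit runs in both ASCII and UTF-16LE. The function names and the sample bytes are constructed for illustration; it assumes the scan runs on a flat-file export or an offline copy of the database file.

```python
import mmap
import os
import re

# A PAN candidate is 13-19 digits not embedded in a longer digit run. On disk it
# is single-byte text (varchar, CSV export) or UTF-16LE (nvarchar); search both.
ASCII_RUN = re.compile(rb"(?<![0-9])[0-9]{13,19}(?![0-9])")
UTF16_RUN = re.compile(rb"(?<![0-9]\x00)(?:[0-9]\x00){13,19}(?![0-9]\x00)")

def luhn_ok(digits):
    """Luhn checksum: filters out most digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def mask(digits):
    """Keep the first six and last four digits so the report holds no full PAN."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]

def scan_bytes(data):
    """Return sorted (offset, encoding, masked PAN) for each Luhn-valid run."""
    hits = []
    for m in ASCII_RUN.finditer(data):
        digits = m.group().decode("ascii")
        if luhn_ok(digits):
            hits.append((m.start(), "ascii", mask(digits)))
    for m in UTF16_RUN.finditer(data):
        digits = m.group()[::2].decode("ascii")  # drop the 0x00 high bytes
        if luhn_ok(digits):
            hits.append((m.start(), "utf-16-le", mask(digits)))
    return sorted(hits)

def scan_file(path):
    """Scan a file of any size through a read-only memory map."""
    if os.path.getsize(path) == 0:
        return []
    with open(path, "rb") as f, mmap.mmap(f.fileno(), 0, access=mmap.ACCESS_READ) as mm:
        return scan_bytes(mm)

# Constructed sample, not real card data: a valid test number as ASCII, a digit
# run that fails Luhn, and a valid test number as UTF-16LE.
SAMPLE = (b"\x00\x01row|4111111111111111|junk 4111111111111112 "
          + "5555555555554444".encode("utf-16-le") + b"\xff\xff")

if __name__ == "__main__":
    for offset, encoding, pan in scan_bytes(SAMPLE):
        print(f"offset {offset:#x}  {encoding:9}  {pan}")
```

Luhn-valid digit runs can also be ordinary numeric identifiers, so each reported offset still needs a manual look before it is counted as a card number.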
A: 

If you are interested in this topic, I recommend:

Threats to privacy in the forensic analysis of database systems, International Conference on Management of Data archive, Proceedings of the 2007 ACM SIGMOD international conference on Management of data http://www.cs.umass.edu/~miklau/pubs/sigmod2007LMS/stahlberg07forensicDB.pdf

vy32