Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations bkrike on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Securing one database

Status
Not open for further replies.
asimeqi

asimeqi

Programmer
Nov 2, 2004
25
US

I have an application which uses a SQL Server Express database.
There are tables in the database that contain information I do not want users of the application to be able to see or be able to change.
However since I do not have control over the database file, the user can simply install a copy of SQL Server in another computer, give himself dbo permissions, restore a copy of my database and do whatever he wants.

Is there any way to prevent this?
 
Sort by date Sort by votes
If the users were savvy enough to do this, what is the harm? It would be a local copy and would not affect your production database. The problem lies in the security of your production server. The users should not be able to obtain a copy of the backup file. They should not have access to the server itself, only proper permissons to acces the DBs needed.

Jim
 
Upvote 0 Downvote
If this is to make sure the user does not see or change licensing or sensitive information, encrypt it and store it. For example, a credit card number in a table.
 
Upvote 0 Downvote

Yes Shankar, part of the information that I need to hide is licensing information. I will certainly encrypt it but the keys will be in code.
This program is going to be distributed in a country where piracy is rampant. There are kids who wouldn't mind spending months of their life figuring out the enryption. So adding one more layer of protection wouldn't hurt.
Jim, the users own the database. The database backup is part of regular backups, it has to be done.

I also have written lots of stored procedures. Most of them are very mundane, but a few of them have very complex bussines logic that took me many months to figure out. I do not want competitors to be able to read that code. Now of course I can rewrite them in C++ but I would prefer not to do that.

I have to mention that I am not a DBA, I am a C++ programmer with some experience in databases. So some of my questions may look very naive.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Cpreston
  • Locked
  • Question
Group results into one row 3
2
Replies
37
Views
2K
Chris Miller
Chris Miller
peac3
  • Locked
  • Question
split one row into multiple rows... help pls 2
Replies
12
Views
2K
Chris Miller
Chris Miller
leifoet
  • Locked
  • Question
How can I update the input of a form (rows and columns) to the database in one query ?
Replies
1
Views
400
Chris Miller
Chris Miller
ahmedsa2018
  • Locked
  • Question
How to export 20 milion rows to only one file ?
Replies
2
Views
325
JeffModen
JeffModen
eboughey1008
  • Locked
  • Question
Import columns from one table into another table with dissimilar field layout
Replies
7
Views
425
Chris Miller
Chris Miller

Part and Inventory Search

Sponsor

Back
Top