SQL Server Development Bookmark and Share   
 index > SQL Server Security > deploying app and protecting mdf file from being read, suggestions.
 

deploying app and protecting mdf file from being read, suggestions.
Can anyone point me in the right direction, I know this type of question has been asked before but I am not after a foolproof solution, just something relatively easy to implement with basic or moderate levels of protection, and maybe some ideas on how to implement it/code examples/samples.


I will be deploying an application on CD to clients. I want to discourage a hacker by making it difficult for him to read the tables in the mdf file. I only want the mdf file accessable through the application. The database will be read only and relatively small. i'm using SQL server 2005 express

Thanks.
trav9000  Friday, January 09, 2009 8:06 AM

Hi trav,

The best way to do this would be to encrypt the data in the tables, and decrypt the information using the application. I would encourage you to encrypt only the sensitive data in the application, because there is of course some overhead to encryption. A good introduction to SQL Server Encryption can be found in the MSDN Article How To: Encrypt A Column of Data.

Is this the kind of thing that you're looking for?

Aaron Alton | thehobt.blogspot.com
  • Marked As Answer bytrav9000 Wednesday, January 14, 2009 2:05 AM
  •  
Aaron Alton  Sunday, January 11, 2009 2:26 AM

Hi trav,

The best way to do this would be to encrypt the data in the tables, and decrypt the information using the application. I would encourage you to encrypt only the sensitive data in the application, because there is of course some overhead to encryption. A good introduction to SQL Server Encryption can be found in the MSDN Article How To: Encrypt A Column of Data.

Is this the kind of thing that you're looking for?

Aaron Alton | thehobt.blogspot.com
  • Marked As Answer bytrav9000 Wednesday, January 14, 2009 2:05 AM
  •  
Aaron Alton  Sunday, January 11, 2009 2:26 AM
yes, I think that is the approach I will take, with the columns.

So, I have done that using encryptbypassphrase and then in the tableadapter on the form, I then decrypt the columns. I have to hardcode the passphrase in the fill() query. It shows up properly in the datagrid, ie. unencrypted.

Taking this approach do you know if it is easy to debug and get the passphrase from the tableadapter query ? Would any obfiscation strategies help , or should I be looking for a 3rd party obfiscation solution ? or would obfiscation not help much ?

Thanks.
trav9000  Monday, January 12, 2009 5:20 AM

You can use google to search for other answers

Custom Search

More Threads

• What permissions required for SSMS Reports
• Granting user access to run jobs in SQL Server 2000
• SQL credentials
• SQL2000/2005 Logon via Windows Group
• Verfiying stored procedures
• Pasword Data Type
• SQLServer Error: 15404 with Active Directory
• Encrypted password in DB and reused later
• Login failed for user 'NT AUTHORITY\SYSTEM'. [CLIENT: ]
• sql2005 backup script to include destination share name/password
Home          Copyright 2009-2010 by sqldev.org All rights reserved