|
-
Nov 24th, 2007, 10:54 PM
#1
Thread Starter
Hyperactive Member
sql 2005 express security
Hi All,
I'm going to implement a standalone solution to my company's partners, which is a VB.NET application with some $$ calculations.
Some rate data are sensitive and we choose to use sql server express 2005 as local database engine.
My concern is that, how can I protect my id & password to access sql express?
At least I need to code it inside VB.NET SQLConnection in order to access the rate, and the code in VB.NET is reversable, I afraid if someone can hack into the code and discover the login credential.
Is there a way to prevent it?
Thanks.
-
Nov 24th, 2007, 11:34 PM
#2
Re: sql 2005 express security
You can encrypt the source code for your application when you've finished writing it.
-
Nov 25th, 2007, 11:17 AM
#3
Thread Starter
Hyperactive Member
Re: sql 2005 express security
My concern is not on the source code, but rather the distributed code.
As I remember, VB.NET object code is somehow reversable.....do you mean the object code is also encryptable? If yes, will it affect performance?
Thanks.
-
Nov 25th, 2007, 05:49 PM
#4
Re: sql 2005 express security
Well - that is kind of complicated.
SQL DB's can always be copied off a machine and loaded into a SQL environment where they can be ATTACHED and looked at.
There is no native encryption in MS SQL db's (except for MS SQL CE - compact edition).
The only safe method for authentication is WINDOWS AUTHENTICATION - but usually with SQL EXPRESS you use SQL authentication. Are you using SQL authentication right now??
-
Nov 25th, 2007, 10:26 PM
#5
Thread Starter
Hyperactive Member
Re: sql 2005 express security
I plan to use sql authentication because I can't create Windows a/c at client machine.
So, I must code the id & password inside my code, that's what I (actually the security officer) don't want to.......
Also, you alert me that the db is attachable to other SQL Server system. But I do remember that it is possible to do some encryption to the database, it is not support in sql express 2005?
Thanks.
-
Nov 26th, 2007, 07:13 AM
#6
Frenzied Member
Re: sql 2005 express security
Hi!
I have written apps that work disconnected, or in a company environment, and I take two approaches when the data is concerned
1) If the app is to be distributed as a standalone product (like ms office) I use encrypted xml data as the "database". In VS 2005 its very easy to work with XML data, and its reasonably fast.
2) If I can, I use webservices that expose a facade layer against the application. This I mostly use for intranet apps where the data is shared between the clients. The 1) approach is best used when the database should be unique for each client and is sensitive. I would never use access or sql server express for sensitive data since there is no way to encrypt it. We encrypt the xml data using an algorithm thats is reasonably hacker proof.
good luck
Henrik
-
Nov 30th, 2007, 02:49 PM
#7
Addicted Member
Re: sql 2005 express security
Check out Laurentiu Cristofors security blog for sql Server 2005.
http://blogs.msdn.com/lcris/archive/...09/427523.aspx
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|