How to sign a database?

Is there a way to have a signature on a SQL DB so only a specific application with a specific version could access that DB?

I'm using sql server 2008. I have a DB that I wish to protect in several ways. The important columns are encrypted and the application itself is signed开发者_开发问答 and obfuscated (holding the key).

I'm looking for a way to block an application, even an earlier version from accessing the DB even if holding the key. I would like to prevent a case where someone hacked the exe, hacking the exe will break the app signature and will prevent him from accessing the DB.

thanks Avi

To answer your question, you'd have to store the signature on the database, probably in it's own table.

The signature would be the version number of the software, salted, and encrypted.

What kind of app is this?

On .NET strong naming was invented for this purpose. Also google for SignTool.exe (MSDN)

Otherwise you'd need to self-verify

Nothing like that is unreversible (e.g. self-packing and self-modifying code is routinely reversed using tools like IDA-Pro). So if you can, try to rely on OS functions to verify the exe

It sounds like you want to sign the application, not the database. There's no way for SQL Server to really know what version of the app it's talking to, since the application itself is responsible for telling SQL Server what version it is. You effectively are placing your app outside the "trust boundary", yet you want it to behave in a trusted fashion.

For stuff like this, I recommend going with a three-tier solution instead. Create a trusted middle tier which talks WCF or Web Services to the application. This middle tier is hopefully something you can control and trust. The middle tier could then use certificate-based authentication (or any number of other types of) to clients in order to authenticate their identities, and then pass back the appropriate data based on the user's authorization to it.