开发者

Shipping SQL server database with my application

I wish to ship SQL server database file with my application. I am very very new to SQL.

1) I do not know how to protect this file from being opened.

2) If this 开发者_如何学Gofile is emailed, can anybody read it?

3) Is there any possibility of protecting it like Access database is password protected so even emailed, no one can open it.

Thanks Furqan


Regular SQL Server database files (.mdf, .ldf) aren't intended to be shipped with your application and installed locally - they are intended to be used on a SQL Server instance, running in a secure environment where typical users don't have physical access to the files per se.

As such, .mdf/.ldf files cannot really be protected by a password or anything like that - you can define users and their permissions, but that only applies to the permissions inside the database - not the database file(s) itself.

For your scenario, I guess you'd be better off with SQL Server Compact Edition - an in-process (just a bunch of DLL's), one-file-for-your-entire-database (*.sdf) kind of database - much more closely an Access replacement than the full-fledged SQL Server.

The documentation clearly states:

SQL Server Compact Edition was designed from the beginning assuming the user had access to the physical file. Without an additional security mechanism, the user could bypass your application and use tools such as MSQuery to view and edit the raw data. SQL Server Compact Edition supports the ability to password protect and encrypt the data file, thereby limiting access to your application which embeds the password. The password protection of the database file adds a layer of protection that travels with the file, making it harder to access the data in the event a rogue user obtains the file.

Read more about SQL Server Compact 3.5 and you might also want to check out the SQL Server Compact blog which discusses the latest developments (SQL Server Compact 4.0 is in testing right now).


1) Assign a username and password to through SSMS or Enterprise Manager

2) No, because of [1]

3) Yes, because of [1]

Just to be doubly sure: take the database offline, zip encrypt .mdf file, and send it


If you ship it - than someone on the other end need to open and install it.

You can protect the file using zip software with password, and tell it to the other party on the phone.


1) Even if you protect it before it is added to the SQL server the user will be able to get into the database once it is loaded and running on the server.

2) Possible, but why would you want to email a database file?

3) When you email it you can add it to an archive with password, like a password protected zip file.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜