Jump to content


Check out our Community Blogs

Register and join over 40,000 other developers!


Recent Status Updates

View All Updates

Photo
- - - - -

Mssql Question

MS SQL mssql

  • Please log in to reply
7 replies to this topic

#1 Tonchi

Tonchi

    Helping the world with programming

  • Expert Member
  • PipPipPipPipPipPipPip
  • 1249 posts
  • Location:Zagreb
  • Programming Language:C#, Others
  • Learning:C, C++, Python, JavaScript, Transact-SQL, Assembly

Posted 10 July 2012 - 01:57 PM

I have .mdf database in my desktop application. What I want is to make sure that no one can reach the data even if he attach the .mdf file in SQL Management Studio or some other database IDE. I want of that database to be reachable only by my application. How can I do that?
  • 0

Microsoft Student Partner, Microsoft Certified Professional


#2 kernelcoder

kernelcoder

    CC Devotee

  • Expert Member
  • PipPipPipPipPipPip
  • 990 posts
  • Location:Dhaka
  • Programming Language:C, Java, C++, C#, Visual Basic .NET
  • Learning:Objective-C, PHP, Python, Delphi/Object Pascal

Posted 10 July 2012 - 06:59 PM

How did you created that file? Is it MySQL database file, MS Access File, MS SQL database file? The chance is that the file is a MySQL one as you the title says. So if it is MySQL, is it contains data only or the schema only or both? In case of MS Access or MS SQL, you can set password to it.
  • 0

#3 Tonchi

Tonchi

    Helping the world with programming

  • Expert Member
  • PipPipPipPipPipPipPip
  • 1249 posts
  • Location:Zagreb
  • Programming Language:C#, Others
  • Learning:C, C++, Python, JavaScript, Transact-SQL, Assembly

Posted 11 July 2012 - 01:14 PM

It is MS SQL. I know I can set a password but that's not what I want. Looking deep even I know in theory how to hack any password, but just in theory. So every person who knows how to create a semi professional code in any project can broke the password. That's why I have posted on other thread that I want to create my own encryption algorithm to protect my data. The problem is that I can't find anywhere on Google how to do that. I don't trust neither MD5, SHA1 or any other know algorithm
  • 0

Microsoft Student Partner, Microsoft Certified Professional


#4 Luthfi

Luthfi

    CC Leader

  • Expert Member
  • PipPipPipPipPipPipPip
  • 1320 posts
  • Programming Language:PHP, Delphi/Object Pascal, Pascal, Transact-SQL
  • Learning:C, Java, PHP

Posted 14 July 2012 - 12:49 AM

There are two ways I can think of to achieve this.

  • Encrypt entire .mdf and .ldf files of the corresponding database. Your application is the only one that be able to decrypt the .mdf and .ldf. Therefore your application is responsible to decrypt the files, attach the files to your MS SQL Server, and when finish with the corresponding database it should detach it and then re-encrypt them back.

    As you can see, this approach does not protect the content of the database once it's been attached. Because the database still accessible to every concurrent session/user.
  • Encrypt and decrypt the important values stored in the database on-the-fly. When you UPDATE/INSERT you have to encrypt the supplied values, and when you SELECT you have to decrypt the retrieved values.

    This is the most secure, but also the slowest.

Note that MD5 and SHAxx were not encryption algorithm. They're hashing/digesting algorithm.
  • 0

#5 Tonchi

Tonchi

    Helping the world with programming

  • Expert Member
  • PipPipPipPipPipPipPip
  • 1249 posts
  • Location:Zagreb
  • Programming Language:C#, Others
  • Learning:C, C++, Python, JavaScript, Transact-SQL, Assembly

Posted 14 July 2012 - 05:46 AM

thank you. i will consider your reply :)
  • 0

Microsoft Student Partner, Microsoft Certified Professional


#6 Luthfi

Luthfi

    CC Leader

  • Expert Member
  • PipPipPipPipPipPipPip
  • 1320 posts
  • Programming Language:PHP, Delphi/Object Pascal, Pascal, Transact-SQL
  • Learning:C, Java, PHP

Posted 14 July 2012 - 08:56 PM

No problem. Do you think the approach number 1 could be used for tutorial subject? I am out of idea for my MS SQL tutorials series.
  • 0

#7 Tonchi

Tonchi

    Helping the world with programming

  • Expert Member
  • PipPipPipPipPipPipPip
  • 1249 posts
  • Location:Zagreb
  • Programming Language:C#, Others
  • Learning:C, C++, Python, JavaScript, Transact-SQL, Assembly

Posted 16 July 2012 - 04:37 PM

Yes ofc :)
  • 0

Microsoft Student Partner, Microsoft Certified Professional


#8 WingedPanther73

WingedPanther73

    A spammer's worst nightmare

  • Moderator
  • 17757 posts
  • Location:Upstate, South Carolina
  • Programming Language:C, C++, PL/SQL, Delphi/Object Pascal, Pascal, Transact-SQL, Others
  • Learning:Java, C#, PHP, JavaScript, Lisp, Fortran, Haskell, Others

Posted 21 July 2012 - 09:04 AM

I have to question why you are doing this. If the data is the customer's data, they will probably want to be able to do reporting against the database, maintenance, etc. Also, "locking" the database prevents them from effectively implementing a backup policy. If your customers want an MSSQL based solution, they are not going to take kindly to you interfering with the process. Also, if you are using MSSQL, it is likely that you are in a client/server situation with multiple clients.

If you really wanted to, you could only store encrypted data in the database, but I think you are trying to do a "bad thing" ™.
  • 0

Programming is a branch of mathematics.
My CodeCall Blog | My Personal Blog

My MineCraft server site: http://banishedwings.enjin.com/






Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download