Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • World
  • Users
  • Groups
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor
  • Default (No Skin)
  • No Skin
Collapse
Code Project
CODE PROJECT For Those Who Code
  • Home
  • Articles
  • FAQ
Community
  1. Home
  2. Database & SysAdmin
  3. Database
  4. How do we secure a Sqlserver database in client side?

How do we secure a Sqlserver database in client side?

Scheduled Pinned Locked Moved Database
questiondatabase
2 Posts 2 Posters 0 Views 1 Watching
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • A Offline
    A Offline
    alav
    wrote on last edited by
    #1

    Dear All, We created a windows application using Sqlserver2000,We have to deploy it at client side. My question is, the client should not be abel to open the database in any way, even if he well known with SqlServer. How do we secure it?

    C 1 Reply Last reply
    0
    • A alav

      Dear All, We created a windows application using Sqlserver2000,We have to deploy it at client side. My question is, the client should not be abel to open the database in any way, even if he well known with SqlServer. How do we secure it?

      C Offline
      C Offline
      Colin Angus Mackay
      wrote on last edited by
      #2

      alav wrote:

      We created a windows application using Sqlserver2000,We have to deploy it at client side. My question is, the client should not be abel to open the database in any way, even if he well known with SqlServer. How do we secure it?

      If you prevent the client from connecting to the database you also prevent the application you deployed on the client from connecting to the database. There is no such thing as 100% security. If your application can get through then there is a risk that something else can get through also. The solution is to minimise that risk and design the database as if the client has been compromised. Since you are talking about the creation of the windows applicaiton in the past tense I'm guessing it is too late to do much about that. So, what follows are some options you may consider if you were starting again: * Have the application connect to a specific account on the SQL Server and do not share that information with anyone. Pros: You don't have to give permission to a windows account as the user name and ID are only issued for the one application. Cons: You then have to manage the security of the user name and password which must get installed on the client machine somehow. * Access the database via a web service. The Web service can then validate all requests to ensure they are acceptable and won't damage the database. The database only needs to give permission to the webservice for access. Pros: A third party arbitrates all requests. Cons: Adds an extra layer that will slow down communication. The web service still has to authenticate the client somehow. * Stucture your database so no one gets direct access to any of the tables. They must uses stored procedures that validate the input. Pros: The database can go some way to protecting itself. Only a well defined specific set of changes can be made to the database. Cons: Some of the business logic ends up in the database.

      Upcoming Scottish Developers events: * Glasgow: Tell us what you want to see in 2007 My: Website | Blog | Photos

      1 Reply Last reply
      0
      Reply
      • Reply as topic
      Log in to reply
      • Oldest to Newest
      • Newest to Oldest
      • Most Votes

      • Login
      • Don't have an account? Register
      • Login or register to search.
      • First post
        Last post
      0
      • Categories
      • Recent
      • Tags
      • Popular
      • World
      • Users
      • Groups