We have a product that historically uses a Microsoft Access database which is great because it is portable.
However we are looking to move to SQL Server and this will range from the Express version upwards. In the Access database we can use a password to protect the database from prying eyes. Although I appreciate it only offers limited security. We need to be able to protect a SQL Server database however we do have access to the server as the database is delivered as part of the install. The client would install SQL Server and then attach the database. I looked at NetLib but that requires an install on the server. I cannot use TDE as SQL Express does not support that. I can use column encryption but I was wondering if there was a database wide solution. Basically no one except for us as supplier should be able to query the data unless they use our software interface.
Related
I have been supporting a product written in VB6 with an Access database for a long time. In many of the installations a mapped drive was used to allow multiple workstations to run simultaneously. Since it seems Microsoft has broken that recently, I need to re-write everything with a new set of tools.
I plan to use VB.net and I would like to use a SQL database this time for the stability. The problem is that the market I sell to cannot / will not support installing full blown SQL Server and all the complexities of managing it.
What I am not able to find any current info about is whether or not SQL Server Compact still exists, whether or not it can be added to a NON web based project and if it will be easy to deploy and be easy to manage like an Access database was.
When I try to follow the directions to add SQL Server Compact to my project, it isn't available in the Data Source drop down list (there are "Simple by ErikEJ" versions listed but they don't seem to work) I have seen SQL Server Compact talked about with regards to web projects but I am building a locally installed .exe. I can't find ANY current info about what flavors of SQL are available right now to add to a local program running over a peer to peer network.
SQL Server Compact is no longer supported and developed by Microsoft, I suggest that you use SQL Server Express, it allows remote connections (if configured to allow it) and has modest resource requirements. Supports a database up to 10 GB of size.
As suggested, SQL Server CE can still be used but is no longer supported. For file-based databases, Microsoft currently recommend SQLite.
For a multi-user system, SQL Server Express is probably your best bet. It's still server-based though, so the server needs to be installed somewhere. For local databases, you can install on the same machine as the application and attach a data file on demand. For multiple clients, you'll need the server installed on a machine accessible to all and a permanently-attached database.
in my development environment we support the application both on MSSQL Server as well as Oracle. The database schema of both of these RDBMS are same.
while development we found that the developer made a mistake and forgot to change the oracle database for the last 1 yr. therfore the oracle script is quite behind in term of schema from SQL Server schema script.
now the question is how i can compare the two RDBMS systems to find the difference and make the oracle script updated
If there are no track log from which it's possible to find and reproduce all changes applied to SQL Server since first detected inconsistency with Oracle version, or that changes was applied, but only partially, you really need to compare objects presented in both databases.
In this case setup a link between databases on any side and use system dictionary views to compare table structures and other objects to find differences and, possible, to generate script for Oracle scheme rollup.
If you want to act from MS SQL Server side:
Install and configure Oracle Instant Client
Install Oracle ODAC
Follow Microsoft recomendations (64-bit version)
Connect as any user with dba role (or use same Oracle schema where object resides) to Oracle from MS SQL database
If you want to act from Oracle Server side:
Install and configure Oracle Database Gateway for SQL Server.
Create database link to MS SQL Server.
After successful configuration you may join Information schema views on SQL Server side with Data dictionary views on Oracle side to find differences.
Of course there are many troubles at this way like different data types, but it gives a chance to automate at least part of work.
I am getting a little bit confused about the difference of the followings:
SQL Server Express
SQL Server Compact
localDB
My requirement is to develop a desktop application that will use basic RDBMS features. I need to package the application and allow the user to install a single distributed package. I don't want the user to install even SQL server express.
In this case, which DB I should use? SQLite is not considered as too much re-coding has to be done.
Thank you.
SQL Server Express is full featured DBMS, with some limitations in terms of database size and resources it is allowed to use. You can see it's limitations (relative to SQL Server) on microsofts site (Features Supported by the Editions of SQL Server 2012)
SQL Server CE is embedded database, meaning that it runs in user mode, it's easy to deploy (requires you to copy just few assemblies), lightweight but fast, can be run by a low privileged user. It's supported by NHibernate. However, has more limitations. To me most notable is that there are problems when you try to have multiple connections to same database. Although MS claims that this is supported, if you try this in Windows 2008 server, you will fail. And what's worse, such use scenario may lead to DB corruption. This means that you will effectively not be able to use some Management tool to update data while your service/website is running. Also, SQL Server Management studio doesn't support SQL CE anymore, so you will have to use a 3rd party tool, like Database.NET. It also does not support subqueries.
localDB, having not used it, sounds like a compromise. It's a standalone database which is executed in user mode (can be used by low privilege user), but must be installed so you will need administrative privileges for that part. Offers set of capabilities of SQL Server Express. It's much larger than SQL CE, and also requires to be installed (unlike CE which is just binary drop in). Shortest overview of this DBMS can be found here.
I want to deploy my SQL Server 2008 Database with application on the client's machine, where i don't want that anybody can open and read or copy my Database Objects (i.e. Tables, SPs, Functions, Views etc.).
I want to protect database with password same like Microsoft Access 2007 When somebody opens it asks Password. Can it be done in SQL Server 2008, if yes how.?
SQL Server is not like Access and doesn't have any file-based password-protection mechanisms (in the "normal" editions like Web, Standard, Enterprise/Developer, Express).
SQL Server is a server-based product - you need to restrict physical access to the server the files are located on, and prevent unauthorized users from accessing the files through the SQL Server mechanisms (like logins and permissions).
If you need something like Access' password-protected files, you need to use SQL Server Compact Edition which is file-based and has a password-protect feature
An alternative approach that you may also wish to consider, that is in addition to deploying an initial secure instance configuration, is the Transparent Data Encryption feature in SQL Server. This way were someone able to access the database data files "outside" of SQL Server, i.e. via the file system, they would not be able to review the data without decrypting the data files.
We have a team of sales persons who travel often carrying a laptop loaded with Sales data in a SQL Server Express database. What are the options available to encrypt a SQL Server Express database?
What's your threat model? Are you trying to stop a casual thief who's stolen a laptop, or a determined hacker? Are you trying to protect just the data, or also the schema?
If you're using SQL Server Express 2005 or higher, then it supports native asymmetric encryption. But if you're trying to stop a determined hacker, then I think the best option would be to encrypt the whole disk using something like TrueCrypt, or BitLocker for Vista/Windows7.
You may also consider using transparent encryption solution for SQL Server called DbDefence.
It is free for databases less than 77MB
I see that others have mentioned a third party product. If you are open to that, you can also consider Encryptionizer for SQL Server, which supports all versions and editions of SQL Server from Express to Enterprise. Disclaimer: I am with NetLib Security.