I'm working with my team to build a web application for our customers that uses ( ASP.Net & MSSQL ), we need to encrypt the Database structure to avoid stole the database design.
is't any way to do that, and how ?
Regards,
No, is not possible. You are asking for DRM and SQL Server does not offer any DRM. Any claim to the contrary is snake oil. You simply cannot hide secrets from an local administrator, it will always be able to locate any secret.
If you want to protect IP you must not distribute it to the client, use a cloud based solution.
Related
I have developed a website for small business owners.
So, Is it possible to run a website on the client's machine without installing the MsSql Server?
Is there any other tool that performs all operations that a published website requires.
Currently, I am installing MsSql on Clent's machine. But by this method, my Database design can be easily copied.
I would like to quickly install my web application on the Client's machine. and also hide the database if possible. So, Suggest all possible ways by which installation becomes quick.
Welcome to StackOverflow,
First, I should say that unless you own the computer or server you are installing on it will be very difficult to hide database design, Data can be encrypted but the design will be accessible by the administrator of the computer. If you own the computer or server you can install the MVC site in a Kiosk type situation where only you have access to the system.
SQL Server Compact might be a good fit for what you would like to do, you can encrypt it as a file. you can also place restrictions on permissions to the access. there is a lot you can do with it and research is required.
https://blogs.msdn.microsoft.com/stevelasker/2008/05/14/security-and-encryption-for-sql-server-compact/
Now you could build the MVC application to use Jason. You can encrypt the content of the JSON file using AES encryption. You will need to define a key that will be used for encryption and decryption.
I'm new to databases and It's been almost a month I'm working with databases (mostly with MongoDB which is a NoSQL database and I'm loving it :D)
What I am wondering is the security risks you take when you do a direct access to database from let's say a native iOS app.
I know a popular way to this is web service though.
Thanks,
Peyman
I think there're 2 risks obviously:
sql injection.
How to deal with the db password. Just put the plain text in your
config or connection strings?
+1 on password protection or connection strings. Not to mention that your firewall would have to allow every ip through on your database port. People use web services for a reason...in my opinion, don't even consider this an option
I need some advice regarding which database I should use.
I want to create a web application in Java EE and I need a database for storing some information.
I want to make it available not only from my personal computer. The Java code will be simple exported, but what should I do regarding the database?
Which database should I use in order to make it available to anyone?
Just about any modern, client/server dbms will work. If I were in your shoes, I'd try PostgreSQL first. The online docs have a full chapter on server configuration. Pay particular attention to "Connections and authentication".
Often a remote user will connect to an application (a web page, for example), and that application will connect to the database. Usually the application and the dbms run on different servers, in which case the dbms will accept connections only from localhost (for maintenance), the local area network (for company internal use), and from the application server.
Do some research before you decide to let the dbms accept connections from every IP address on Earth; that's a little risky.
I'm working on a website (asp.net c# with SQL Server) and the client is asking for SSO solution. I'm looking to use one shortest implementation where we can create sub-domains for different modules and install/deploy on same or different servers but all of these module/application uses same SQL Server and session is also maintained and shared by SQL Server. However the client is concerned about the performance/scalability and security therefore I would like your advise if you have already worked on such projects and if you would recommend me this solution or anything else.
thank you in advance for your help !
Keep your single sign on information in LDAP. It's definitely the most standardized way to store user information and access. It's really just a database but if scalability and performance are concerns this is your best bet.
I want to distribute an SQL 2008 database to a client and set it up so that the only way to access the data in it is through my application. Can I use Truecrypt for that? Can you think of any other solution?
No, is not possible. This is asked repeatedly and the answer is the same: protecting the data so that is only usable from one application is DRM and SQL Server does not do DRM. There is no cryptographic/encryption or authorization/permission mechanism you can set in place to prevent a legitimate administrator from seeing and using the data as it sees fit, including granting other applications permission to use your application data.
At worst you can encrypt all the data in the client and store only the encrypted blobs, thus rendering it unusable to any other application. This approach looses any advantage a relational database offers (data cannot be searched, queried, indexed, foreign relations and constraints cannot be enforced etc) rendering the SQL Server absolutely useless for your application. Besides, even in this case, short of using a hardware module, the data is not trully protected since the application cannot embed any encryption key in a secret fashion (any key embeded in the app, no matter how obfuscated it is, can be retrieved, always) and relying on the user to provide a secret password means the user can simply decrypt the data.
If you want to use a DRM scheme (which you are actually asking for), use a DRM product.
I've taken a quick look at Truecrypt and it doesn't look like the tool for what you're trying to do.
You should look at SQL Server Logins, Users and Roles. How you use these will depend on how you setup your database connection. If you can provide more information about how you are connecting I can try and help further.