I want to build a program which needs database to be used in it. Is it possible to use a database without pre-required program and internet access on client computer?
The only way to use a database without requiring internet access is if the databases is on the same computer.
You can bundle a database with your application but then you wouldn't have a central database for everyone to update. If that fits your requirements, great. Otherwise you are out of luck.
Regardless, you will need some program to perform persistent storage. While XML is one option, if you want any database like behavior just do a search on the internet for open source databases you could use if you don't want to pay for Oracle or SQL Server.
Related
I'm new to SQL server and I have a question
I created a database on a SQL server local DB instance and then I copied the .mdf file of the database to a USB flash drive and I was able to open the database from a different user account'
So I want to understand why is it so? Does it mean that anyone can copy my database file and open it on their own server? And how can I secure that?
Thanks
Does it mean that anyone can copy my database file and open it on their own server?
Yes, as long as it's the same version of SQL Server. This is why it's critical to maintain control of a server running SQL Server and prevent unauthorized access to the file system or backups.
So I want to understand why is it so?
The same software uses the same format. Much like how an Excel document can be saved on one computer and opened on another, so, too, can a database. By default, SQL Server stores data in the easiest and most straightforward manner it can for best possible performance. Security of the data files is often a secondary concern as most SQL Servers physically reside behind locked doors and OS access is restricted to computer administrators with domain authentication.
If you're running SQL Server 2008+ Enterprise, you have access to Transparent Data Encryption which will encrypt the data files on disk. That doesn't prevent moving the database if you have full access to the original host system, but it does mean there are additional steps and it will be difficult to access the data by directly reading the data from the disk. Furthermore, you can also encrypt your backups (I believe SQL Server Standard and above supports this, I'm not sure about Express).
As far as Express LocalDB... your options are pretty limited. You can use NTFS level encryption, but that will impact performance as the DB engine is no longer aware that encryption is going on. Furthermore, anybody who can access the DB unencrypted would be able to access the DB files to copy, so you're not actually protected against inside attacks. You could also use BitLocker full disk encryption, but again, that will come with some I/O cost and, again, doesn't protect against inside attacks.
Finally, no matter what you do anybody with sa or dbo level access to the server will be able to read your data. You can choose to store only encrypted data in the DB, but that pretty much eliminates any advantage of using SQL, and your application would still need to store the means to decrypt it somewhere, which means someone could find your decryption key and work backwards from there.
If the server is a real production server and it's properly secured, people should be able to connect to the database (using the server name and the database name and some kind of authentication), but beyond that, no one except administrators should have any other kind of access to the server.
Specifically, no one but the administrator(s) should:
be able to see the .mdf file or the folder that contains it
have physical access to the server so that they are even able to plug in an USB flash drive
That's how it should be on a "real" server.
SQL Server LocalDB is a local-machine-only version of SQL Server Express for development.
So I guess that the machine you're talking about is a development machine.
But it doesn't matter if it's a production server or development machine - the following always applies:
Whenever someone has access to the actual physical machine, they will be able to copy the database files.
When someone has a copy of the database file, they will be able to restore it on another server and open it with an admin account, no matter what permissions you had set. An admin account will always be able to open it.
There's no way to prevent this, other than to make sure that evil people with USB flash drives will never have any kind of access to that computer, beyond remotely connecting to the database.
EDIT:
What about data encryption and special key?
I personally didn't know about it before, but there's already some information about it in the other answer - go read it.
TL/DR:
Moving the database becomes harder, but not impossible
Getting the data out of the database becomes even harder than moving
...but the OP isn't able to use it, because he's using LocalDB (=Express Edition), but Transparent Data Encryption is available in Enterprise Edition only.
well for example you have build a program, for restaurant, for a cinema, wherever,
now how do you do when, you install your application, the database was installed correctly too? i dont sure but i believe this is a different database? for example a file?
(talking about sql).
and how different are going to be the queries? cuz i believe i am not going to have the same function on sql server than a file database
and what connection i shall use?
could i use entity framework?
and how capacity could to have the different file for databases?
regards
You can use a file-based database like SQLite that supports SQL queries. There are ADO adapters available as well. The link should take care of the rest of your questions as well.
Well, since you usually have absolutely no knowledge about target environment, user must configure program to his envronment at install time, or later (af first launch for example, this is much simplier than implement same functionality in installer). User specifies SQL server address (if we are talking about server-based systems) and database name he wants to use. Then database is created programmaticaly using that information.
I have two applications with own database.
1.) Desktop application which has vb.net winforms interface, runs in offline enterprise network and stores data in central database [SQL Server]
**All the data entry and other office operations are carried out and stored in central database
2.) Second application has been build on php. it has html pages and runs as website in online environment. It stores all data in mysql database.
**This application is accessed by registered members only and they are facilitied with different reports of the data processed by 1st application.
Now I have to synchronize data between online and offline database servers. I am planning for following:
1.) Write a small program to export all the data of SQL Server [offline server] to a file in CVS format.
2.) Login to admin Section of live server.
3.) Upload the exported cvs file to the server.
4.) Import the data from cvs file to mysql database.
Is the method i am planning good or it can be tunned to perform good. I would also appreciate for other nice ways for data synchronisation other than changing applications.. ie. network application to some other using mysql database
What you are asking for does not actually sound like bidirectional sync (or movement of data both ways from SQL Server to MySQL and from MySQL to SQL Server) which is a good thing as it really simplifies things for you. Although I suspect your method of using CSV's (which I would assume you would use something like BCP to do this) would work, one of the issues is that you are moving ALL of the data every time you run the process and you are basically overwriting the whole MySQL db everytime. This is obviously somewhat inefficient. Not to mention during that time the MySQL db would not be in a usable state.
One alternative (assuming you have SQL Server 2008 or higher) would be to look into using this technique along with Integrated Change Tracking or Integrated Change Capture. This is a capability within SQL Server that allows you to determine data that has changed since a certain point of time. What you could do is create a process that just extracts the changes since the last time you checked to a CSV file and then apply those to MySQL. If you do this, don't forget to also apply the deletes as well.
I don't think there's an off the shelf solution for what you want that you can use without customization - but the MS Sync framework (http://msdn.microsoft.com/en-us/sync/default) sounds close.
You will probably need to write a provider for MySQL to make it go - which may well be less work than writing the whole data synchronization logic from scratch. Voclare is right about the challenges you could face with writing your own synchronization mechanism...
Do look into SQL Server Integration Service as a good alternate.
I really want to know, how to secure a firebird database from being opened by any user but from the application it self. If I distribute a desktop application with a single file Firebird database (not embedded), how to protect the database from being copied to another machine running Firebird with known sysdba password?
I have searched the question related with this subject, and only find this: Finding a legacy firebird/Interbase database password
If the answer in that post was true, how to use desktop application with firebird database and forbid any user to open it using another machine? Or should I use other database like mySQL or PostgreSQL?
PS: I use Delphi 2006 to develop the GUI.
You are missing the point when thinking about the password to the Firebird database - the server is open source, so there's no way to do what you want. The user can simply recompile the server with password checking commented out.
Basically there's only two things you could do:
Write your own modifications to the Firebird server, so that it writes a database file that is incompatible with all other servers. It doesn't matter then that people can transfer the database to another machine, as the standard server executables won't be able to access the data in the database.
Write only encrypted data to the file, so that it doesn't matter that access to the database is possible.
Both are of course not fool-proof either, as a determined cracker can simply use your own application to get at the data. Having permission to attach a debugger to the running process can be enough to halt execution of your application at any point in time and to examine the (decrypted) data in RAM. See also the SO question "How can I increase memory security in Delphi?", especially this answer, for more information on this topic.
BTW: this is something that can be done whatever database engine you choose, to answer the last part of your question.
how to use desktop application with firebird database and forbid any user to open it using another machine
If you mean that user has both the enrypted data and the key, you are doing DRM. The definitive answer is: you can't. You can slow down the user by hiding the key with different methods, but you can't stop them.
You don't.
This is more or less the same problem as Pidgin has in http://developer.pidgin.im/wiki/PlainTextPasswords, except that's protecting it from some users and not others, rather than your application and not any end users.
Hi everyone I hav a small problem in uploading my database. I have created a localhost website on my pc for a vehicle tracking system and now i have no clue in uploading it. It's got two Microsoft Access databases in my pc which is used in the website and they get updated at very regular intervals(almost every second) it has to be uploaded to the web real time. Right now I use ODBC on a localhost..
Does anybody have any idea how to do it?
Please help if so...
Depending on your traffic using ACCESS in a webserver multi user environment will be a real pain. (File in access, etc). Perhaps try to build a webservice to make changes directly on the server?
If you don't want to use ODBC you may have a look at ADO connectionstrings (www.connectionstrings.com is a goot starting point).
I would concur with #Sascha I wouldnt even bother wasting the time trying to run your site with access.
Depending on your host you should have access to a free mysql or mssql database. Use this instead. Write a new page that takes parameters and writes them to your online database, that way you can set up a relay on your machine that pushes the changes from your local machine to the web.
This is definitely not easy, but it can be done. You would need to run a SQL Server database on the web server, and then push the data from Access to SQL Server, or pull it from SQL Server.
We've got a couple of links talking about it at SQLServerPedia:
How can I synchronize data between MS Access and SQL Server databases?
How can I link a SQL Server database to MS Access using link tables in MS Access?
Again, it's not easy - judging by the way you worded the question, you're not going to like the answers that you'll read about. You may want to bring in someone who's experienced with web-based databases and replication in order to bring you up to speed and set your expectations about how challenging this will be.