i just want to know about the best way to store sensitive and secured data in wpf application that will not appear inside the exe file like databases and will store data and retrieve it when program start up again
Going by the latest comment, it seems that you need to encrypt user input data. Depending on the size of the data you could go with SQL Server 2008 R2 Express or SQL Server Compact. You can have a look at SQL Server 2008 R2 CE encryption or SQL Server 2008 R2 Express encryption.
If you are not looking at databases, then you could have a look at file based encryption using the System.Security.Cryptography namespace.
Higher levels of security are available in the enterprise version of SQL Server. More information on encryption levels in SQL Server 2008 can be found here.
Note that encryption of the database (depending on the algorithm used) can negatively affect the performance.
Related
I used to work with Oracle ETL/database tools and now I have transferred to a Microsoft working environment. In Oracle SQL Developer there was a feature named Data Masking which would mask selected column values with *** characters. Is this also possible with Microsoft SQL Server 2016?
As others commented, you are probably looking for Dynamic Data Masking which is available in all versions of SQL Server 2016 SP1, even Express and the embedded LocalDB. The equivalent in Oracle is Data Redaction
You'll find a nice overview in Use Dynamic Data Masking to obfuscate your sensitive data
We have a product that historically uses a Microsoft Access database which is great because it is portable.
However we are looking to move to SQL Server and this will range from the Express version upwards. In the Access database we can use a password to protect the database from prying eyes. Although I appreciate it only offers limited security. We need to be able to protect a SQL Server database however we do have access to the server as the database is delivered as part of the install. The client would install SQL Server and then attach the database. I looked at NetLib but that requires an install on the server. I cannot use TDE as SQL Express does not support that. I can use column encryption but I was wondering if there was a database wide solution. Basically no one except for us as supplier should be able to query the data unless they use our software interface.
Has anyone here moved the database underlying a SP 2010 install from one database instance to another (same data, just hosted in another instance)?
For example. we just want to move the database to a diffrerent machine.
In addition, has anyone moved SP 2010 from using SQL Express to a higher version of SQL Server? I would like to run some proof of concept tests with SQL Express, and if all goes well, then move to SQL Standard or Enterprise.
Cheers,
Daniel
Check out the following article:
http://technet.microsoft.com/en-us/library/cc512725.aspx
I don't think you'll run into any problems, just make sure you aren't going backwards in versions between databases. Backing up a database in SQL Server 2008 and restoring in 2005 isn't easy.
I've never done this with SharePoint, but I believe it lets you specify the location of the configuration database. Then you just need to match the user permissions.
The TechNet article "Move All Databases (SharePoint 2010)" is your main guide.
Note that this article contains the following warning:
The new database server must be running the same version of Windows
Server and Microsoft SQL Server as the existing database server.
This in NOT true!
Both from my own experience in migrating SharePoint databases and talks I've had with Microsoft Primary Field Engineering, I can say this method also works when SQL Server versions differ. But only if you upgrade to higher SQL Server versions (i.e. SQL Server 2005 to SQL Server 2008 R2). I was told this scenario is also fully supported by Microsoft.
Also, don't forget to update the database compatibility level for the migrated databases. This should future-proof your databases and enable advanced SQL Server optimization.
I want to deploy my SQL Server 2008 Database with application on the client's machine, where i don't want that anybody can open and read or copy my Database Objects (i.e. Tables, SPs, Functions, Views etc.).
I want to protect database with password same like Microsoft Access 2007 When somebody opens it asks Password. Can it be done in SQL Server 2008, if yes how.?
SQL Server is not like Access and doesn't have any file-based password-protection mechanisms (in the "normal" editions like Web, Standard, Enterprise/Developer, Express).
SQL Server is a server-based product - you need to restrict physical access to the server the files are located on, and prevent unauthorized users from accessing the files through the SQL Server mechanisms (like logins and permissions).
If you need something like Access' password-protected files, you need to use SQL Server Compact Edition which is file-based and has a password-protect feature
An alternative approach that you may also wish to consider, that is in addition to deploying an initial secure instance configuration, is the Transparent Data Encryption feature in SQL Server. This way were someone able to access the database data files "outside" of SQL Server, i.e. via the file system, they would not be able to review the data without decrypting the data files.
We have a team of sales persons who travel often carrying a laptop loaded with Sales data in a SQL Server Express database. What are the options available to encrypt a SQL Server Express database?
What's your threat model? Are you trying to stop a casual thief who's stolen a laptop, or a determined hacker? Are you trying to protect just the data, or also the schema?
If you're using SQL Server Express 2005 or higher, then it supports native asymmetric encryption. But if you're trying to stop a determined hacker, then I think the best option would be to encrypt the whole disk using something like TrueCrypt, or BitLocker for Vista/Windows7.
You may also consider using transparent encryption solution for SQL Server called DbDefence.
It is free for databases less than 77MB
I see that others have mentioned a third party product. If you are open to that, you can also consider Encryptionizer for SQL Server, which supports all versions and editions of SQL Server from Express to Enterprise. Disclaimer: I am with NetLib Security.