How to Password Protect my SQL Server Database? - sql-server

I want to deploy my SQL Server 2008 Database with application on the client's machine, where i don't want that anybody can open and read or copy my Database Objects (i.e. Tables, SPs, Functions, Views etc.).
I want to protect database with password same like Microsoft Access 2007 When somebody opens it asks Password. Can it be done in SQL Server 2008, if yes how.?

SQL Server is not like Access and doesn't have any file-based password-protection mechanisms (in the "normal" editions like Web, Standard, Enterprise/Developer, Express).
SQL Server is a server-based product - you need to restrict physical access to the server the files are located on, and prevent unauthorized users from accessing the files through the SQL Server mechanisms (like logins and permissions).
If you need something like Access' password-protected files, you need to use SQL Server Compact Edition which is file-based and has a password-protect feature

An alternative approach that you may also wish to consider, that is in addition to deploying an initial secure instance configuration, is the Transparent Data Encryption feature in SQL Server. This way were someone able to access the database data files "outside" of SQL Server, i.e. via the file system, they would not be able to review the data without decrypting the data files.

Related

Create a new "portable" server in SQL Server 2014 and view it in the same SQL Server Management Studio instance of other servers

I have the server
DESKTOP-TI7M67V\SQLEXPRESS (SQL Server 12.0.2269 - DESKTOP-TI7M67V\joe)
It is a SQL Server 2014 database engine using Windows authentication.
I need to create a new server, database engine with SQL Server authentication this time, that I need to connect and view into the same SQL Server Management Studio instance I use for my server by now, since I need to create queries involving both.
I've seen that I can do it with linked server feature, but I need to create and setup the new server correctly.
The access to this new server, obtainable through SQL Server authentication, must have different authentication parameters than the other one already existing, if a user doesn't have them, he would be able to access the old server, but not the new. The access of both servers has to happen in the same SQL Server Management Studio instance.
Plus, the databases files of this new server must be portable. For portable, I mean that all its files (that make it work) must be able to be put in a custom directory on two pcs, with SQL Server 2014 already installed on both, and be copyable and pastable, e.g on a pendrive, in order to be transferred from a PC to the other. That's for maintain synchronization between two different physical users workplaces in which the database will be used, workplaces that for the moment are not directly interfaceable with a single, fixed, detached and interconnected source on which place the database.
My question is how to create a new server that would have these features.

Why can't I save an SQL database on the server itself?

I'm trying to set up an SQL server for my web-server to send and receive data from. I'm somewhat confused on how the whole SQL server thing works though. I was wondering why I need a separate server for my SQL and my web server. why can't I save an SQL database on the server itself instead and access it the same way one would read and write an XML or JSON file on the server to store data?
You may be getting caught up with server, as in the computer its running on (physical box, virtual machine, might be easier to think of it as the operating system) vs the server, as in web server/sql server which are different software packages.
So the SQL server (software) and the Web server (software) can run on the same server (hardware, essentially).
Depending on your use case its usually best to have the SQL server on a different server (hardware) to your web server so that there is more dedicated resources for their processes, but its not required.
If you are asking why you cant talk to the database file directly, (in the case of MS SQL Server, at least) the server manages its own permissions and manages all the file IO for you. Its a bit more complicated than a JSON file.

How can I encrypt a distributable SQL Server Express database?

We have a product that historically uses a Microsoft Access database which is great because it is portable.
However we are looking to move to SQL Server and this will range from the Express version upwards. In the Access database we can use a password to protect the database from prying eyes. Although I appreciate it only offers limited security. We need to be able to protect a SQL Server database however we do have access to the server as the database is delivered as part of the install. The client would install SQL Server and then attach the database. I looked at NetLib but that requires an install on the server. I cannot use TDE as SQL Express does not support that. I can use column encryption but I was wondering if there was a database wide solution. Basically no one except for us as supplier should be able to query the data unless they use our software interface.

Microsoft Access 2007 Database on Django?

I have a Microsoft Access 2007 database (.accdb) used in a CRM, and I'd very much like to create an unmanaged model in django to access the data (read-only) for a quick and dirty web application.
What are my options here? I looked at django-pyodbc, but they unfortunately only support ms sql connections at this time. That made me wonder, perhaps there is a way to mirror a Microsoft Access database to a MS SQL server through ODBC, and then connect to that through the django-mssql or django-pyodbc application?
Another option is to convert the access database to some intermediary database file which could then be accessed through django. The downfall to this approach is that I'd need to ensure that I regularly syncronize this intermediary database with the access database, so the intermediary db is up to date.
Does anyone have any ideas on how I can connect to my Access 2007 CRM data through django?
Access files really don't like more than one person touching them. You've outgrown them. Get a proper multi-user networked database and migrate to that. Microsoft will sell you SQL Server for the price of a small yacht or give you SQL Express for free in the hope that soon you'll need to upgrade.
Or use PostgreSQL via ODBC for free for ever. But don't try and use a file as a database without going through a server first.

Exporting SQL Server Databases for offline use

I have a desktop application (C# .NET 3.5) that uses a SQL server for it's database. I have had a request from the client, however, to make it possible to export the database as it stands, and be able to use it on a laptop without connectivity. They understand that updates to the parent server will not be reflected in these offline clients.
Is there a way I can just save the DataSet's to a binary form and write them to a disk and send those files to the offline clients.
There is an entire line of tools and technologies covering this case, namely the Synch Framework. See Synchronizing Databases. See Getting Started: Client and Server Synchronization for a starting example involving a SQL Server Compact Edition file on the client (.SDF file) that is synchronized with a SQL Server central database. Note that the client won't install anything else other than you application, the SQL Server CE is just a few in-process DLLs that you distribute with your app, nothing nearly as complex as a SQL Express edition on the client.
The good news is that Synch Framework no only allows the client to get their own on-the-go snapshot of the database, it actually allows for changes applied while disconnected to be merged back into the central site.
You could either use Compact Edition (aka. SDF files), or you can save the datasets as XML using the built-in method.
Can't you just take a SQL Server level backup and have them install e.g. SQL Server Express on their laptops and restore the database there?
That way you wouldn't have to do anything special in your app at all - just change the connection string to point to the local SQL Server Express instance, and off you go! No mucking around with serialized data sets and stuff......

Resources