We have a team of sales persons who travel often carrying a laptop loaded with Sales data in a SQL Server Express database. What are the options available to encrypt a SQL Server Express database?
What's your threat model? Are you trying to stop a casual thief who's stolen a laptop, or a determined hacker? Are you trying to protect just the data, or also the schema?
If you're using SQL Server Express 2005 or higher, then it supports native asymmetric encryption. But if you're trying to stop a determined hacker, then I think the best option would be to encrypt the whole disk using something like TrueCrypt, or BitLocker for Vista/Windows7.
You may also consider using transparent encryption solution for SQL Server called DbDefence.
It is free for databases less than 77MB
I see that others have mentioned a third party product. If you are open to that, you can also consider Encryptionizer for SQL Server, which supports all versions and editions of SQL Server from Express to Enterprise. Disclaimer: I am with NetLib Security.
Related
I see SQL Server 2016 SP1 All Editions now have "Always Encrypted" available. From looking around, it appears there's a new ODBC driver that will work with the "Always Encrypted" data.
With the caveats in the SQL Server documentation about working with encrypted columns, does anyone have experience using this encryption with Microsoft Access? Will it work with Access 2010, or does it require newer versions?
Is there a noticeable performance hit from the encrypting/decrypting? Am I reading it right that since joins and where clauses require additional handling for encrypted columns, best practice would be to not use sensitive columns as keys.
Also, I have an Access Project -- can this work with Access 2010 in a Project (adp), or will I have to update to an .accdb version of the application?
Here is a post with a solution on how to configure Access with Always Encrypted: https://social.msdn.microsoft.com/Forums/sqlserver/en-US/b9eea19c-1943-4b25-b07d-9193f7b7dab0/odbc-always-encrypted-problems?forum=sqldataaccess.
We have a product that historically uses a Microsoft Access database which is great because it is portable.
However we are looking to move to SQL Server and this will range from the Express version upwards. In the Access database we can use a password to protect the database from prying eyes. Although I appreciate it only offers limited security. We need to be able to protect a SQL Server database however we do have access to the server as the database is delivered as part of the install. The client would install SQL Server and then attach the database. I looked at NetLib but that requires an install on the server. I cannot use TDE as SQL Express does not support that. I can use column encryption but I was wondering if there was a database wide solution. Basically no one except for us as supplier should be able to query the data unless they use our software interface.
I am getting a little bit confused about the difference of the followings:
SQL Server Express
SQL Server Compact
localDB
My requirement is to develop a desktop application that will use basic RDBMS features. I need to package the application and allow the user to install a single distributed package. I don't want the user to install even SQL server express.
In this case, which DB I should use? SQLite is not considered as too much re-coding has to be done.
Thank you.
SQL Server Express is full featured DBMS, with some limitations in terms of database size and resources it is allowed to use. You can see it's limitations (relative to SQL Server) on microsofts site (Features Supported by the Editions of SQL Server 2012)
SQL Server CE is embedded database, meaning that it runs in user mode, it's easy to deploy (requires you to copy just few assemblies), lightweight but fast, can be run by a low privileged user. It's supported by NHibernate. However, has more limitations. To me most notable is that there are problems when you try to have multiple connections to same database. Although MS claims that this is supported, if you try this in Windows 2008 server, you will fail. And what's worse, such use scenario may lead to DB corruption. This means that you will effectively not be able to use some Management tool to update data while your service/website is running. Also, SQL Server Management studio doesn't support SQL CE anymore, so you will have to use a 3rd party tool, like Database.NET. It also does not support subqueries.
localDB, having not used it, sounds like a compromise. It's a standalone database which is executed in user mode (can be used by low privilege user), but must be installed so you will need administrative privileges for that part. Offers set of capabilities of SQL Server Express. It's much larger than SQL CE, and also requires to be installed (unlike CE which is just binary drop in). Shortest overview of this DBMS can be found here.
i just want to know about the best way to store sensitive and secured data in wpf application that will not appear inside the exe file like databases and will store data and retrieve it when program start up again
Going by the latest comment, it seems that you need to encrypt user input data. Depending on the size of the data you could go with SQL Server 2008 R2 Express or SQL Server Compact. You can have a look at SQL Server 2008 R2 CE encryption or SQL Server 2008 R2 Express encryption.
If you are not looking at databases, then you could have a look at file based encryption using the System.Security.Cryptography namespace.
Higher levels of security are available in the enterprise version of SQL Server. More information on encryption levels in SQL Server 2008 can be found here.
Note that encryption of the database (depending on the algorithm used) can negatively affect the performance.
Can it be done and if so, how?
You can also check out Sync Services for Sql Server and Compact edition. The benefit of Sync Services is that you don't need a replication server or IIS and you can also sync between compact edition databases. This method involves writing a fair bit more code and is fairly involved, but I'd recommend looking into it as a lightweight service.
You can use Merge Replication. Theres a tutorial here SQL Server Compact 3.5 How-to Tutorials (Number 5).
Certainly replication is possible, as is Sync Services if you're not afraid to get your hands dirty. It depends on the details of what you need:
Sometimes-connected application wanting to have a read-only cache: Sync Services
Sometimes-connected application wanting to have part or full update ability: Sync Services
Remote site with multiple workstations needing read/write access to data: replication if you can get a secure network connection that's stable enough, otherwise look at extending Syn Services to work with SQL Express (or full SQL Server) based on the sample here: Sync using SQL Express
If you just want a SQL CE database and you're working with a SQL 2008 server then the wizard in Visual Studio 2008 SP1 will do all the work for you, you need only add 1 line of code to it if you want bi-directional support. If you can't upgrade then it will take more work with SQL 2005, and it's only reliable if you have at least SP2.
I'm in the middle of a project that requires multiple sites to have a sub-set of data in an environment where each site may lose it's connection to the head office at times, we've managed to get Sync Services to work with SQL 2008 at the head office and SQL Express 2008 at each site with full change tracking (2008 feature) and it's working great. It does require a reasonable amount of code (C# and SQL), so we've used some pretty smart templates to help. Be aware that.
Perhaps you could refine your question with more details?
Because of budget constraints I think it will have to beta-tester's approch,i tried following the guide and cant seem to get it working. Before I spend time getting it to work, I just confrim, Replicating between SqlServer 2005 and Compact Edition is something that can be done?
I just confrim, Replicating between
SqlServer 2005 and Compact Edition is
something that can be done?
Yes it can definately be done using either Merge Replication or Sync Services