Monday, March 26, 2012

MSDE security (still confused!)

I am distributing my application, which includes MSDE 2000. My setup program
attaches the .MDF and .LDF files once an instance of MSDE 2000 is installed on
the customer’s computer. Now my worry is how I can restrict customers running
W2k or XP from accessing my database using EM or third-party GUIs. If customers
are running W2k or XP and have administrative privileges, they can easily
register the installed instance of MSDE with EM and access the data
structure, stored procs etc.?
I tested it on a computer which is running W2k. I logged in as
Administrator, ran my Setup program to install MSDE, attach .MDF and .LDF,
.NET framework, MDAC and my application. Then I installed EM and registered
an instance of installed MSDE with it. I could access everything in the
attached db.
How can I prevent this, as the data structure, stored procs etc. mean a lot and
I can’t let anyone steal them?
Thanks

Hi Job,
You're not going to like the answer but you can't. If the user has admin
privileges on the system, you can't keep them out. You can make it difficult
for them but you can't actually keep them out. There are many things they
can do to get back in.
You might need to look at encrypting your stored procs (i.e. create them WITH
ENCRYPTION). That at least might be a start.
HTH,
Greg Low [MVP]
MSDE Manager SQL Tools
www.whitebearconsulting.com

That was the last thing I wanted to hear. What’s the point of having Windows
authentication in the first place, when it will leave your database system
vulnerable? Why has MS designed it this way? Where do all the security features
go? How can you ensure that you are designing a robust and secure database
system? Imagine spending weeks on designing your database system to find
out that there’s no secure way to conceal it. I can’t even use Access, as I
can’t run stored procs with it. Is there any other better solution available?

"Job Lot" <JobLot@.discussions.microsoft.com> wrote in message
news:3D7C097D-4567-46DA-9C98-29139C6B5FAF@.microsoft.com...
> That was the last thing I wanted to hear. What's the point of having windows
> authentication in first place, when its will leave your database system
> vulnerable. Why MS has designed it this way, where does all security features
> goes? How can you ensure that you are designing robust and secure database
> system? Imagine you spending weeks on designing your database system to find
> out that there's no secured way to conceal it. I can't even use Access as I
> can't run stored proc with it? Is there any other better solution available?

A logical move would be from MSDE to SQL Server running on a server
platform. While similar issues exist with folks that have local
administrative access, you can lock down your instance of SQL Server fairly
tightly. Combine that with stored procedure encryption and, possibly,
file-level encryption, and you should be able to go a long way to protect your
intellectual investment.
Steve
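
The two suggestions in the replies above (WITH ENCRYPTION and locking down the instance), written out in T-SQL for SQL Server 2000 / MSDE 2000. This is an added example, not code from the thread; the Orders table and usp_GetCustomerOrders procedure are hypothetical names.

```sql
-- Added example; object names (Orders, usp_GetCustomerOrders) are hypothetical.
-- Uses only SQL Server 2000 / MSDE 2000 system tables and procedures.

CREATE TABLE dbo.Orders (
    OrderID    int IDENTITY PRIMARY KEY,
    CustomerID int   NOT NULL,
    Total      money NOT NULL
)
GO

-- WITH ENCRYPTION stores the procedure text in obfuscated form.
-- It raises the effort needed to read the body; it is not a barrier
-- against someone who administers the machine.
-- Keep the plain source under version control: it cannot be scripted
-- back out of the database afterwards.
CREATE PROCEDURE dbo.usp_GetCustomerOrders
    @CustomerID int
WITH ENCRYPTION
AS
    SELECT OrderID, Total
    FROM dbo.Orders
    WHERE CustomerID = @CustomerID
GO

-- Check 1: which procedures, views, triggers and functions would still
-- ship in clear text? Run this before building the setup package.
SELECT DISTINCT o.name, o.xtype
FROM sysobjects o
JOIN syscomments c ON c.id = o.id
WHERE o.xtype IN ('P', 'V', 'TR', 'FN')
  AND c.encrypted = 0
  AND OBJECTPROPERTY(o.id, 'IsMSShipped') = 0
GO

-- Check 2: sp_helptext should report that the text is encrypted
-- instead of returning the procedure body.
EXEC sp_helptext 'dbo.usp_GetCustomerOrders'
GO

-- Check 3: list who holds sysadmin on the instance. On a default
-- SQL Server 2000 / MSDE install BUILTIN\Administrators is a member,
-- which is why a local Administrator could register the instance in EM.
EXEC sp_helpsrvrolemember 'sysadmin'
GO
```

Table definitions and data are not covered by WITH ENCRYPTION, so Check 1 only tells you about code objects.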
