Reputation: 1
How to Prevent windows users to not access SQL server data files
I am working in a product based company and will provide SQL Server 2014 Express edition with our software. I want your expert comment on security.
Problem: As we are installing a database on client PC then they might be able to see our database schema by attaching MDF files to another server. (In my view, through database objects name and data, other companies can easily identify our workflow and can develop software easily) So I want some type of encryption or file system solution to prevent user to take database files. And yes as we are using express edition, we can’t use available SQL server encryption options.
Upvotes: 0
Views: 317
Answers (4)
Reputation: 28940
you can prevent client from copying files, only if client had minimal permissions on the box where you are copying the files
I would recommend SQLAZURE Database,it starts with 5$ Per month and i believe standard pricing tier is most suitable(approx:30$ per month)..with this way , you also can be sure, your schema is secure
Upvotes: 1
Reputation: 2502
If you are willing to consider a third party product, there are at least two that can do what you want, viz protecting your SQL databases from your customers. One is ours: Encryptionizer for SQL Server. The other is DBEncrypt. They work very differently though. Encryptionizer sits between the SQL Server process and the OS, while DBEncrypt injects itself into the SQL process in memory using the old Detours SDK.
Upvotes: 0
Reputation: 724
You could try this third party software: https://www.database-encryption.com/ Database can only be restored/attached where this software is installed. Requires an encryption key to see any info from the database, it's free up to 200MB of database size (I currently use this software)
Upvotes: 0
Reputation: 467
Interesting, that is what my company does currently but the user has to have a special server role in order to open up the actual schema.
That role is then linked with their login. When we create a user login we use a cryptic login like ght02%username% and not just their windows credentials. This means that if they login via windows auth, do not have access to that schema.
The only way of taking the MDF that i'm aware of is that if they have either detached the database or the service is stopped. Again this could be manageable by disabling them stopping the server and they won't be able to detach if they don't have the permission.
There are most likely better options though.
Just my two cents.
Also a duplicate of this
Upvotes: 1
Related Questions
- SQL Server Security: prevent authorized Active Directory users from reading data
- How to set DENY permissions on a data user
- Prevent database file from copying
- Windows Authentication - Restrict SQL Server Backend Access
- User accessing database files in SQL Server
- How to secure a SQL database from domain admins?
- Prevent windows admin user from reading a SQL Server database
- Securing access to SQL Server data
- Protecting my database files
- Preventing users from accessing Application Database