How would i set a Database password that NOONE could see the Database layouts or field names and Data....i mean obviously there are hackers that can get programs to "Bust" into Most database but in general how would i prevent someone from looking at the layout and information?
My next question is a tough one, I THINK......I have a front end of VB6,......i want the back end to be SQL Server or SQL Sever Express 2005 When someone goes to login into my software product i would like to check a DB of valid User Names and Passwords... Now if I SQL Server running on TRUE Server, ie Win 2003 Server....could 50 people login at the same time to my software from 50 different PC accross the network? Is that what SQL Server means by Connections? or could everyone use the "sa" login?
My application handles all the locking and unlocking of databases and records in the DB...so i dont have to rely on SQL Server for that....essentionally SQL Server is a Data DUmp for me.......what does everyone think?
Also.....can you re-distribute the MDF files aka..Databases....like you would Access without having SQL Server installed....? If your front end is VB6 and the MDF will that work? b/c the software validates its login with the list in the DB not what SQL Considers a Login....Just like you can take a Access DB named "Test.MDB" rename it "Test.xxx" and re-distribute that wo whoever you want and they dont need the Access runtime to operate the VB6 software....obviously Access uses JET ...what does SQL Server Use.....couldnt you do the same thing with SQL Server?
Thanks All!!!
moving the thread to the database engine forum.|||If you distribute an application and database anyone having the binaries of those will be able to hack your application. Obfuscating might delay hacking.
What I have understood you will need SQL 2005 Express to be installed to attach mdf files.
According to documentation there is no limit for connections, you will need to configure it to allow remote connections though.
http://support.microsoft.com/default.aspx?scid=kb;EN-US;914277
I would use SQL servers ability to lock/unlock data rather than program it myself.
|||hi . did u get the answer?I have same problem . please send me if u find|||
dragonsbb16 wrote:
1 How would i set a Database password that NOONE could see the Database layouts or field names and Data....i mean obviously there are hackers that can get programs to "Bust" into Most database but in general how would i prevent someone from looking at the layout and information?
2 My next question is a tough one, I THINK......I have a front end of VB6,......i want the back end to be SQL Server or SQL Sever Express 2005 When someone goes to login into my software product i would like to check a DB of valid User Names and Passwords... Now if I SQL Server running on TRUE Server, ie Win 2003 Server....could 50 people login at the same time to my software from 50 different PC accross the network? Is that what SQL Server means by Connections? or could everyone use the "sa" login?
My application handles all the locking and unlocking of databases and records in the DB...so i dont have to rely on SQL Server for that....essentionally SQL Server is a Data DUmp for me.......what does everyone think?
Also.....can you re-distribute the MDF files aka..Databases....like you would Access without having SQL Server installed....? If your front end is VB6 and the MDF will that work? b/c the software validates its login with the list in the DB not what SQL Considers a Login....Just like you can take a Access DB named "Test.MDB" rename it "Test.xxx" and re-distribute that wo whoever you want and they dont need the Access runtime to operate the VB6 software....obviously Access uses JET ...what does SQL Server Use.....couldnt you do the same thing with SQL Server?
Thanks All!!!
Edit : CONDENSED ANSWER - Lost long post due Session Timeout :(
1. You can grant to right to accounts to "view definitions" to various objects. Check "Permissions" in BOL
2. You can use ONE Account to Acces the DB and then check inside the DB if there is a User created for this person. This is used for most Forums for example. Security Tips : DONT give SA Accounts to everyone. 2. Storing Passwords in SQL Server you should take a look at Hashing (and Salting them)
3. Can be done. Ask yourself the important question : How likely is it that someone will mess with my data while i am messing with it and how long will it take to mess with it? If the answer is even the slightest "could be" then you need to think about locking. Either way. You will allways "piss off" one guy.. So you take the pick which one. Also for some applications locking is harder to implement (for example web access with connections that are closed between page calls). See Timestamp fields. and optimistic and pessimistic locking
4. To open a SQL 2005 mdf file you need any Version of SQL 2005. But express is free and can be downloaded. Check the installation instructions for command line installations if you wish to include it in a setup package.
No comments:
Post a Comment