Please start any new threads on our new
site at https://forums.sqlteam.com. We've got lots of great SQL Server
experts to answer whatever question you can come up with.
| Author |
Topic |
|
izaltsman
A custom title
1139 Posts |
 Posted - 2003-09-12 : 12:31:53
|
| Does anyone here use MSDE as part of a stand-alone desktop app?I wanted to find out how you secure your data files...My concern is that since this app will be installed on regular desktops/laptops, the access to the filesystem is not controlled as tightly as I like. I think this makes it very easy for the attacker to copy the mdf and attach it to some other MSDE/SQL instance (where he has sa rights) and gain full access to the data. To my knowledge there is no way to password-protect an mdf (so that it can't be attached by anyone who does not know the password). |
|
|
Page47
Master Smack Fu Yak Hacker
2878 Posts |
Posted - 2003-09-12 : 12:46:18
|
| Can you attach a file that hasn't been detached? Can you even copy it?Jay White{0} |
 |
|
|
MichaelP
Jedi Yak
2489 Posts |
Posted - 2003-09-12 : 12:55:50
|
| On an NTFS drive, you can probably setup permissions so that other users could nto grab the MDF files. On a 98 box, I doubt that you can protect it.Jay, I think you can do this, it's just not standard practice. You might lose some data, but I think you get most of it. I don't think you can do a file copy, but there are programs out there that let you grab a file that is in use and copy it. Michael<Yoda>Use the Search page you must. Find the answer you will.</Yoda> |
|
|
|
izaltsman
A custom title
1139 Posts |
Posted - 2003-09-12 : 12:56:14
|
| Yes, you can attach a file that hasn't been detached.You can easily copy an mdf if database is set to autoclose (which I am not gonna do), or if SQL Server/MSDE is stopped (which I have to do -- I can't have MSDE hogging resources on user's workstation when user is not working with the application). |
|
|
|
izaltsman
A custom title
1139 Posts |
Posted - 2003-09-12 : 13:08:30
|
Michael, thanks for the reply... Setting NTFS permissions is one thing I will definitely do for Win NT/2k/XP. Unfortunately the app needs to run on Win98 as well  , so if you have any more thoughts on how to secure the datafiles, I'd love to hear them! |
|
|
|
MichaelP
Jedi Yak
2489 Posts |
Posted - 2003-09-12 : 14:12:41
|
| The application has the database on each local workstation right? There's not a single DB that all the workstations would connect to?On a 98 PC, I don't see how you can protect the MDF. It just doesn't have any real security built into it, as far as I know.About the only solution I see if to encrypt all of the data in the database, and have your application do the decryption. That way, they would have to use your application (and it's security settings) to get into the data. Needless to say, this is gonna be involved and hella slow.Michael<Yoda>Use the Search page you must. Find the answer you will.</Yoda> |
|
|
|
|
|
|
|
|
Data security issue