views:

55

answers:

1

I’m distributing an SQL 2008 database with my c# application (only the data, which I restore in the client’s local SQL server). Is there a way to assure that the client can only access my data by using my application? (and not, for instance, using Management Studio, SQLCMD, etc) Thanks, Nestor

+4  A: 

Yet another form of the same ethernal quesiton that comes up about SQL Encryption... see Who needs encryption? at the DRM section:

"I would like to package my database application in a form that would allow a customer to use it, but without him ever being capable to access the actual data stored in it. I think encrypting the database should help".

The answer is always the same: what you ask for is DRM, not encryption, and SQL Server does not offer any DRM solution. If you your application can access the data, so can the user from any tool of his choice. You are wasting your time trying to find a solution based on SQL encryption and all the claims to the contrary are snake oil. All 'solutions' will have a key management fault that will allow an administrator to retrieve the decryption key, always.

Remus Rusanu