hi i have application which use a local sqlserver file to store data.i made a install package for this application ,but i want to make the the database file (*.mdf) hidden from user sight. in fact i don't want him/her to be able to see tables or other details of database , while he/she can use this by my windows application. is there any solution ?
A:
You can make it a hidden file:
File.SetAttributes(path, File.GetAttributes(path) | FileAttributes.Hidden);
But your best bet is to not store anything confidential on the users machine, there's always ways to bust security. You could also encrypt the database, but as the commentors point out, this is also insecure.
Malfist
2010-02-01 17:54:48
Like a simple configuration, in Folder / Options, and the user can see every single file on his or her machine, specially if he or she is the machine administrator. As is the case in most network I know.
Paulo Santos
2010-02-01 17:56:24
Encrypting the database wouldn't help much either in this case; if the key is hidden from the user then that means it's either hard-coded in the program or downloaded from a remote site. The former can be broken with Reflector alone; the latter could be picked up by a sniffer or proxy.
Aaronaught
2010-02-01 17:59:14
i use local data base in user machine.
persian Dev
2010-02-01 18:09:58
+1
A:
If the database is on the user's machine and you are most worried about the user accessing it, then you may want to reevaluate your architecture. Is a web solution viable?
Sam
2010-02-01 18:08:08
A:
The best solution is to limit rights in the database itself. If you use stored porcs to access data, you do not grant select/insert/update or delete rights to the user on the tables andthen they can't see them and they can only do waht the stored procs they are allowed to execute can do. Of course this won't work if you use any dynamic sql but you shouldn't be doing that anyway.
HLGEM
2010-02-01 18:51:33