tags:

views:

40

answers:

2
+1  Q: 

deploy SQL Server Database with a Winforms app

I have created a SQL DB-based winforms application, and I want to deploy it on a client machine. The program is a single user desktop application.

Opinions in this post suggest it's better to use SQLite or SQL Server Compact Edition in such scenarios. However, I prefer to use stored procedures, which are not supported in those products.

My question is about security concerns:

  • If I use an Access database, I can set a password for the database so at least non experienced users cannot view database directly.
  • How can I deploy a Winforms app to install SQL Server 2005 Express Edition and set password for my .mdf database file?
  • What installers support this request? clickonce, windows installer, installshield, etc?
+1  A: 

You may want to browse this technet article discussing SQL Server 2005 Express deployment with custom applications.

renick  2010-10-02 14:25:18
+! for the good article about SQL Server 2005 deployment. Although I found out by other posts that It's better to avoid using it.
Kamyar  2010-10-02 15:13:59
+1  A: 

The .mdf isn't executing as an .mdb is. In other words, you won't need to configure your .mdf file, with a password, as SQL Server will handle the security for authentication and authorization.

Access won't help much with your desire to stick with stored procedures, unfortunately.

Suggest that there are too many potential issues with deploying SQL Server Express alongside your app. It may be the case that the value of stored procs, in this case, may not be enough to warrant the hassle of installing SQL Server Express.

Evaluate the work being done inside those stored procs. Are they CRUD only, or much more complex. What is your reason for stored procs in this single-user app?

Consider re-architecting your application to:

  • use parameterized queries. Move the body of the stored procs into a constant string.
  • SQL Server Compact Edition

Balance the time-to-refactor with the potential customer-support issues!

Please consider the blogpost by Steve Lasker (Stored Procedures & SQL Server Compact-The Great Debate). It's got some great insight on assessing whether stored procs are the right tool for the job in regards to client applications.

Some Updates:

It sounds like you are trying to avoid that .mdf getting out of your hands. You CAN take some measures to lock down the data within - encryption of the data, but there isn't a 100% solution to avoid your .mdf being taken elsewhere. As you comment, once it's in the customer's hands, it's out of yours. :)

p.campbell  2010-10-02 14:36:14
I'm not counting MS Access as an option. I just wanted you to know how I'd like DB security be implemented.
Kamyar  2010-10-02 14:51:20
So Basically, There's no way to secure (Password protect) SQL Express DB file from client?
Kamyar  2010-10-02 14:52:15
@Kamyar, that's right. The file isn't meant to be used by anything other than an instance of SQL Server. Try executing your .mdf - there are no file extension associations, and no applications that can read it. The .mdf is very much a binary datastore that can only be accessed via SQL Server. It's the SQL Server instance that can interact with the file.
p.campbell  2010-10-02 14:58:59
@campbell: I know. but what if the user on the client, installs SQL Server express edition and attaches the .mdf file. Then he/she can view DB data and structure. So I guess when you write a winforms desktop app, you shouldn't use SQL Server express edition unless you don't care if the client has access to your DB. right? P.S. +1 for the blog post by Steve Lasker. Excellent.
Kamyar  2010-10-02 15:06:08

related questions

What language do you use for Postgresql triggers and stored procedures?
Are Multiple DataContext classes ever appropriate?
Which tools do people use to create Data Dictionaries?
Any experiences with Protocol Buffers?
Mechanisms for tracking DB schema changes
How big can a MySQL database get before performance starts to degrade.
How do I index a database field
How does database indexing work?
How do I connect to a database and loop over a recordset in C#?
Editing database records by multiple users
Object Oriented vs Relational Databases
VFP .NET OLEdb provider does not work in Win 64-Bits. Help
Embedded Database for .net that can run off a network
Connect PHP to an AS/400
Swap unique indexed column values in database.
cx_Oracle - what is the best way to iterate over a result set?
cx_Oracle - How do I access Oracle from Python?
.NET Migrations Engine
Is there a version control system for database structure changes?
SQLite and XSD
How do I version my MS SQL database in SVN?
XSD DataSets and ignoring foreign keys
Flat File Databases in PHP
Throw Error In MySQL Trigger
Binary Data in MySQL