I developed a Winforms application with SQL Server 2008 R2 database for one my friends.
When I deployed & installed it on my friend's PC; software clearly shows database file. If he open that file in SQL Server, then he can able to watch my SQL queries, tbl structures etc.
I just want to hide all this from my clients.
How can I do this?
I search some of software on Internet. When I installed it on my PC; it not showing me any database file. How they do it?
Please help me.
If your application and database are both deployed on your friend's PC, there's almost nothing you can do to truly block him/her from getting to your database.
There is no feature in SQL Server that blocks schema view from an authorized user (e.g. admin) and if you own the machine, you can present yourself as admin to SQL Server in multiple ways even if you were not originally added to the admin role or given SA account access. You can setup hurdles like putting everything in stored procedures then encrypting the SP but it's just a small hurdle, not a wall.
This is not unique to SQL Server, the same issues apply to pretty much any RDBMS in the market. If you own the box, it's not hard to get to the DB contents. Software vendors have been trying do this for decades and most just give up and protect their IP legally instead. That's no consolation for you but it is reality.
If using a service like Azure is viable, you can host your app in Azure and the database can be Azure SQL DB or a regular SQL Server in a VM. I'd recommend the former if the feature set and surface area work for you; it's not identical to the SQL Server box product you're accustomed to. However, it is far less work for you to manage and secure. With the app also in Azure, your friend and clients will access via a browser and never have direct access to the database. Even if the app is installed locally on your friend's or clients' machines, it's easy to design the app such that they can only access data and nothing else.
Related
In my company we have 3 virtual machines (application, business, DB).
Been trying to understand how our software app running in my machine which uses a simple text file with connection string is able to communicate to another server like the database server to connect to MS SQL installed there.
If I login to Business server and run a simple powershell to query the SQL db, it is able to connect as well.
My question is, how does the visibility of MS SQL Server (running on our DB Server/vm) available to the Application and Business servers? Was it done by installing some components to application/business server and making bits of configuration to be able talk to the SQL server from another VM? What's normally the setup here?
Sorry, you might be wondering why I'm asking you guys and not the developers in my team, but they don't know either, because they run the client app and it connects to the DB using the connection string. The DBA/Infrastructure guys were the ones who did some setup but can't be bothered or won't want to be bothered.
Thanks
You should specify more details in the next format :
Language, Tools used.
Version and name of framework.
Db version.
VM Machine version and type. (Oracle, VMWare, etc)
The first thing to check it's your connection outside your app and inside each VM.
If you reach from the VM to the Database allocated in the external server that means the infra team has made their job.
If not, your vm setup has to be in a net configuration that allows your vm to have access or reach the net where you're central server with the db it's allocated.
Take a look at : https://www.cloudsavvyit.com/3477/which-type-of-networking-should-you-use-for-your-virtual-machine/
If the second one it's the case, this it's not a Developer task. it cames mores from the Infra side and you should scalate the issue with your pm to the corresponding department.
Those should be your first items to work on. Best!.
I'm working on a desktop app that was developed about 5 years ago using C# and mssql server 2000.
This app uses OPENROWSET to load some xls files, and it worked just fine til the institution in where I work upgraded databases (to something like msserver 2019 or sort of), and OPENTOWSET stop working.
Despite knowing there's plentiful of procedures and recipes to fix this issue (which I cannot apply coz database runs on server), my company's DBA is telling me the only way to fix such problem is to give admin-privileges to the app-user, and he cannot do that because of safety rules - dropping the problem to me. Now I have to replace OPENROWSET with something else.
So the question is: is that true?
There's no way for a skilled DBA to make OPENROWSET work on a remote DB with regular/non-admin user, fixing those errors about permissions and linked servers?
Is OPENROWSET "mature-or-safe-enough" to make it run on nowadays production servers?
It looks like you are attempting to open excel files from within your database. In which case, the default setup would not allow this:
https://learn.microsoft.com/en-us/sql/t-sql/functions/openrowset-transact-sql?view=sql-server-ver15#remarks
OPENROWSET can be used to access remote data from OLE DB data sources
only when the DisallowAdhocAccess registry option is explicitly set to
0 for the specified provider, and the Ad Hoc Distributed Queries
advanced configuration option is enabled. When these options are not
set, the default behavior does not allow for ad hoc access.
When accessing remote OLE DB data sources, the login identity of
trusted connections is not automatically delegated from the server on
which the client is connected to the server that is being queried.
Authentication delegation must be configured.
It sounds like this may possibly have been configured way back in the past for previous databases, but the DBA who now sees this regards it as a bit of a security problem. Whether or not he is right depends very much on how you use this, but it does sound like something that would be better avoided.
It may be better to load the excel files in your C# application and then send the BULK data to sql server to just save.
I am tasked with creating a central Database for a small office to allow multiple computers to connect to a database using a C# program. I have already written the program and it currently connects with a database that is in the bin folder.
I am completely lost as to how to move on to creating a multi user environment. I searched all around SO and tried downloading Microsoft SQL Server, but I have no idea how I would set this up in the office and allow it to be accessed from multiple computers. Also, from the information I've gathered, Microsoft SQL Server needs to be running at all times to allow a connection -- this isn't a deal breaker, but is there any other methods that wouldn't need this? There isn't exactly a "main computer" in the office that is always running.
To run a centralized sql server database in your office you would at a minimum setup sql server on a "server". The server can be pretty simple unless you expect a heavy user load.
The server has to be on in order to allow connections.
Sql Server exists in a free version called Sql Server express, but it has limitations when it comes to scalability, so it's not meant for large systems.
You can download it and install it on your server in the office and connect to it through a connection string in your application.
You can also consider open source platforms like mySQl, but it would still require a central server.
Alternatively you can consider a hosted solution where you have a company host the database for you in their data center.
If you do not have the server computer in your office that will host the DBMS and allow others to connect to your DB using the web interface, try to use Windows Azure. This will cost you some money. Here you need to estimate what is cheaper for you: purchase a server or pay for the azure.
I have a question regarding C# Windows Forms connecting to external hosted databases.
I have a GoDaddy SQLServer 2008 database that I use for my web development database purposes. I am creating a C# windows form and I need that to connect to the database. I know how to connect a C# Windows Form to a local database, so I figured that the only difference would be to use a different connection string.
The connection string I am using is as follows:
Data Source=limeoatsdb.db.8996219.hostedresource.com; Initial Catalog=database; User ID=userid; Password=password;
I replaced the values above with dummy values, but obviously in my code they have the correct values.
First of all, is it even possible to connect a C# windows form to a GoDaddy database?
Secondly, if it is possible, any ideas on what I am doing wrong?
This is not possible. GoDaddy blocks all connections to its databases from systems it doesn't manage.
This is typical of many hosting companies. It's common that you can only use their databases from their own systems, for security reasons.
If you need access to your data, you'd need to create some form of intermediary step, such as building an API in your website which could be accessed by your form.
Beyond GoDaddy blocking ports, I should point out this is a bad idea if you plan on distributing the app.
If you allow clients to connect directly to your database, you're essentially leaving the front door wide open. There'd be nothing stopping me from connecting to your DB server with SQL Management Studio and fiddling with your data.
Think of it this way: in a web app, you'd never give client-side JavaScript direct access to your database. Instead, it has to go through your app server.
I'd create some kind of server that provides an API that the client Win Form can call. The server can even be a regular web server that provides REST/SOAP/whatever APIs. A good place to start might be looking in to WCF.
Yes, you can connect to a SQL Server database on GoDaddy servers.
It's a feature I've used to access the database through SQL Server Management Studio.
Check this: https://stackoverflow.com/questions/357147/go-daddy-sql-server-2005-remote-connection
Basically, when creating your database, make sure you check the "Direct Access" option.
Obviously, this is a security issue you must be aware of.
I'm hoping someone can help me. I recently started the development of a windows form application connecting to a remote sql server database. I was happy enough developing it until a potential client queried if they would be able to buy the whole application but they do not want the application connecting to the db via the internet.
I predominantly develop websites using php/mysql but migrated to c# for this particular project. I'm familiar with sql but not sure what database I should be using if the client wishes to have the whole application on their own computer. I've considered providing the database install as a pre-requisite when publishing the app (although I'm currently not sure how to do that) but I'm having reservations whether that is suitable or could lead to more problems. I want to create an application that can install to a single computer and has little to no need for administration. Could someone advise the best way to approach the data storage in this instance.
Because you have already a SqlServer database operating on your remote site, the best path should be to use the LocalDB version of SqlServer Express 2012. See this link about deployment.
If you don't use stored procedures, views and triggers then also the SQL CE could be an option, but you will not have file binary compatibility and you should work on importing your schema and data.
SQL CE is a compact light weight way of going..
http://blogs.msdn.com/b/sqlservercompact/archive/2011/01/12/microsoft-sql-server-compact-4-0-is-available-for-download.aspx