January 25, 2006 at 8:23 am
We are investigating migrating a Sybase ASA application to SQL Server. If we use MSDE, is there a way that we can protect access to the data, i.e. only allow the user to access the data through our custom application. I know that MSDE 2000 can be imbedded in the application installation, but does this protect the database from other access methods?
January 25, 2006 at 8:44 am
If the MSDE is installed on the same server as the application, you can remove all the network libraries (which I believe is not the default with SP3/SP4). In that case, access via shared memory is the only thing allowed, meaning a process that runs on the same server. In that case, no network access is allowed. If a user can't get to the system, they can't hit the MSDE.
Now, if the MSDE is installed on workstations, there isn't a solid way of completely protecting your data if the user is an administrator on the system. If the user could run a process as SYSTEM (not as hard as one might think), the user could force his/her way in.
Can you explain a bit more about how MSDE will be deployed versus your app?
K. Brian Kelley
@kbriankelley
January 25, 2006 at 11:11 am
Well, I'm not quite sure how MSDE would be deployed, but let me try to explain what we do now, since that's what we'd like to replace.
We have a VB application which accesses a Sybase ASA database via ODBC. The ID and password are hardcoded in the app. The ASA database is delivered to a third party client on CD. Since ASA has no master database, the vendor just has to install the db files in a predefined location where the app can find it. The application is run on mobile, standalone computers
We'd like to be able to build the MSDE distribution into the application distribuition, and provide the the whole package as an install to the client. We don't want them to be able to access the data in any manner other than using the VB app.
January 25, 2006 at 11:19 am
Unfortunately, if they control the MSDE install, they're going to be able to control access to it. Without resorting to encrypting the data in the application, there's not a whole lot you can do to prevent it. MSDE is a stripped down SQL Server engine and as a result, the same ways of getting into SQL Server apply to MSDE. Therefore, if they control the system on which the MSDE is installed, they can do whatever they want to with the database.
K. Brian Kelley
@kbriankelley
Viewing 4 posts - 1 through 3 (of 3 total)
You must be logged in to reply to this topic. Login to reply