password protecting my SQL Server database from users - sql

I am a bit confused after reading around the internet that this cannot be done.
I have an application that I install on clients machine. This application uses SQL Server 2008 database that is installed along with the application. The database contains some tables that contain important information like giftvoucher balance.
I want to prevent unauthorised access to the database but problem is since I am installing my database on client machine they already have access to the SQL management studio through windows authentication.
Is it possible to prevent them from getting access to my database and tables ?

Your options:
DBDefence (not free)
Transparent Data Encryption
Switch to Sql Server Compact Edition

Related

No UI dialogs in MS Azure / SQL Server Management Studio

Recently, I purchased a licence for a Microsoft Azure SQL Server 2012 (packet "S0" - Standard, 250 GB)
When I connect with SQL Server Management Studio 2012 to this database, then all the user interface dialogs for creating tables, setting up users, etc. are gone.
You can only script and execute pure SQL statements.
Even the table editor is gone, so you even cannot edit the data in a table!
If I connect to a local database, then everything works. So the problem must be related to the Azure Database. Can anyone help ?
If this is Azure SQL Database, then keep in mind that this is not the same as SQL Server 2012 although you can use the same tools to connect to it. This behavior is therefore correct and normal. If you have installed or used an image for SQL Server on a VM then you should have everything as you expect.

Creating a Database Server for home use in SQL Server 2005 Express

I am looking to create a database server that can be used to store data using a VB.net application. When I initially installed SQL Server 2005 Express edition, I believe I installed this using the LocalDB option.
As it stands my application is a simple tool which utilises the Process.Start command under certain situations, depending on user input, to launch Game Servers for use at a gaming LAN I assist in running.
I wish to progress the application by being able to update, delete and query a database created in SQL Server 2005 Express. I understand the use of connection strings etc, however I am wondering if the installation using LocalDB will mean that I cannot connect to the server to process the data I require.
Can I continue to use the LocalDB option and create a Database Server for specific use using my application or is a different installation option required?
Secondly, can someone point me in the right direction of how to create a new Server for this purpose? All of my searches so far have provided results for creating a database only, and not the server.
I have a couple questions about what you are trying to do.
First, why are you installing SQL Server 2005? It was released almost a decade ago.
I would go with 2012 express edition.
http://www.microsoft.com/en-us/download/details.aspx?id=29062
Second, install the management tools. SSMS is a nice GUI to do work in.
Third, If you are spinning up anything other than express, there are licensing costs which are quite high. 9K for standard and 25K for enterprise per socket or such.
Here are the versions and features list from microsoft.
http://technet.microsoft.com/en-us/library/ms144275.aspx
Last but not least, having the express edition on another computer is fine. However, you will have to use a network protocol such as TCP/IP instead of shared memory.
It will take longer to send Tabular Data Stream (TDS) to the other computer versus talking to memory on the same computer.
http://social.msdn.microsoft.com/Forums/sqlserver/en-US/c4f06669-41fd-42e6-b4a9-564cf04ca9f7/how-to-choose-between-shared-memory-named-pipes-tcpip-via?forum=sqlgetstarted
Good luck with your project.
You can use a local instance of SQL Server just fine, if you want to set up a separate server for some reason then you'll need either a 2nd machine on which to install SQL Server, or to spin up a virtual machine. If running Windows 8 (and barring hardware limitations) you have Hyper-V at your fingertips.
This is not a complete answer for you but may give you some things to think about.
First you might want to think about your choice of database. If you don't have a compelling reason for using 2005 you will probably at least want to move to SQL Express 2008.
Second, to answer the part about creating a server... A server is something that serves data. In a general sense a computer configured to be contacted by external machines and respond with data is a server. A web server runs a program like IIS or Apache to respond with web pages. A database server contains a database and allows connections to that database. So as long as you install the database on a computer and configure it to allow external connections, you have your database server.
In MS SQL there are several things that need to be set up to allow a database to accept external connections. One is that the SQL Server Browser service will need to be active. Another is that the database itself will need to be configured to allow external connections (SQL Authentication type probably).
Hope this helps.
Addition:
SQL Remote Connection Configuration
Disclaimer, I don't have SQL Express 2005 installed but I think the settings are found in the same place in 2008. If the info here is not exact to SQL Express 2005, the general terminology used here should be enough to get you headed in the right direction to find the specifics.
While viewing the database in Server Management Studio or Enterprise Manager, right click the database server instance name (the root of the tree) and select properties. There should be a section title Connections and within this section there should be an option "Allow remote connections to this server". Make sure it is checked. The other setting you need in this properties menu is under the security area. There is a radio button for "Windows Authentication Mode" and "SQL Server and Windows Authentication Mode", you want the second that allows both.
The next step you have may be to create a new user, add a password, and connect the user to the database. That will give you the credentials you will use in your database connection string while programming. I usually add new users through the security section of the database then set the User Roles for each database that I need to connect to. It is good practice to limit the permissions to those needed by the application. Typically this is read and write, but sometimes you can get away with just read. The less the better.

How to share sql server 2008R2 database

I want to share my SQL Server 2008 R2 database between some computers on the same network without using a Server. How can I do so? I mean i just want two users access the same Database through A network or LAN. Both can use database,update database,delete data from database
is it possible ?
The file: mdf MS SQL can not be shared directly.
Although, once installed MS SQL any user with privileges on the database can access it.
It is not necessary to share the MDF file. MS SQL is responsible "sharing" the users enter data accessing it.
Greetings.
SQL Server can only be installed on a Windows Server system (except for the Developer's edition, and SQL Express).
However, all versions (except CE) can be shared among multiple clients. Just start up the server, make sure that the TCP protocol is enabled (using the SQL Server Configuration Tool), and that your Windows Firewall is not blocking port 1433.
A server just happens to be a term used for otherwise a "normal" computer. The designation server usually means that it is dedicated for a certain task. Technically speaking, any computer can be a server--even your own workstation while you are using it for other tasks. So, just put the database on one of the user computers which is on the network (hence accessible to desired users on the network) and go for it.... Good luck!

MDF file security, lock and unauthorized access

I used SQL Server 2008 R2 database in my application, now I want to install the application for my friend. How can I block access to my database tables and stored procedures ?
I removed Windows authentication and SQL Server Management Studio just login with my own user or pass ! But what happen if he opens my database file in other Management Studio in other systems?
Your users should not have access (ACL permissions) to MDF files, ever. Not at all. They should, instead, have database access, and their account should be set to do what you want them to do, and not to do what you don't.
This is a pretty basic question, really; what you need to look into is SQL Server security, so you can figure out how and what to secure your database with users. But you also need proper file security, as I noted above.
Finally... your question makes me wonder; you do know that SQL Server is not necessarily meant to be installed on every single client system, right? You certainly can do that, but it's a server product. If you are installing it on a computer to which the user has admin rights, the game is pretty much over, really.

How to distribute SQL Server Database to clients

I have a WPF application that I want to deploy to client PCs via a Setup. My setup application will contain the .Net framework and SQL Server Express 2008 edition and will install these on the client if needed and without user interaction.
Now I need a way to create the database and tables, etc... on the client without any user interaction.
Should I deploy the .MDF .LDF to the client PCs and attach the database to SQL Server Express?
Or should I create a script and run the script on the client to create the database and tables?
Plus, I need to ensure that the app.config settings are correct.
What is the best way to handle distributing a database to the client during a Setup.exe with user interaction?
If you're deploying a stand-alone application to desktop clients, forcing them to install SQL Server Express is the wrong choice. You're going to run into issues if SQL Server stops working on the client's PC.
You should instead use SQL Server Compact Edition (which doesn't require a server to be installed on the client's PC). You can include the database file as part of the installation process with all of the blank tables and everything already created.