I wish to ship SQL server database file with my application. I am very very new to SQL.
1) I do not know how to protect this file from being opened.
2) If this file is emailed, can anybody read it?
3) Is there any possibility of protecting it like Access database is password protected so even emailed, no one can open it.
Thanks
Furqan
Regular SQL Server database files (.mdf, .ldf) aren't intended to be shipped with your application and installed locally - they are intended to be used on a SQL Server instance, running in a secure environment where typical users don't have physical access to the files per se.
As such, .mdf/.ldf files cannot really be protected by a password or anything like that - you can define users and their permissions, but that only applies to the permissions inside the database - not the database file(s) itself.
For your scenario, I guess you'd be better off with SQL Server Compact Edition - an in-process (just a bunch of DLL's), one-file-for-your-entire-database (*.sdf) kind of database - much more closely an Access replacement than the full-fledged SQL Server.
The documentation clearly states:
SQL Server Compact Edition was
designed from the beginning assuming
the user had access to the physical
file. Without an additional security
mechanism, the user could bypass your
application and use tools such as
MSQuery to view and edit the raw data.
SQL Server Compact Edition supports
the ability to password protect and
encrypt the data file, thereby
limiting access to your application
which embeds the password. The
password protection of the database
file adds a layer of protection that
travels with the file, making it
harder to access the data in the event
a rogue user obtains the file.
Read more about SQL Server Compact 3.5 and you might also want to check out the SQL Server Compact blog which discusses the latest developments (SQL Server Compact 4.0 is in testing right now).
1) Assign a username and password to through SSMS or Enterprise Manager
2) No, because of [1]
3) Yes, because of [1]
Just to be doubly sure: take the database offline, zip encrypt .mdf file, and send it
If you ship it - than someone on the other end need to open and install it.
You can protect the file using zip software with password, and tell it to the other party on the phone.
1) Even if you protect it before it is added to the SQL server the user will be able to get into the database once it is loaded and running on the server.
2) Possible, but why would you want to email a database file?
3) When you email it you can add it to an archive with password, like a password protected zip file.
Related
This question already has an answer here:
Forgot the username and password of *fdb (firebird) database. Is there anyway I can crack this database?
(1 answer)
Closed 4 years ago.
I got a computer which has already installed Firebird database 2.0. And now I need to open fdb files which are Firebird database files just on this computer. So what I need is to get the password of Firebird server.
I've tried the default user and password :SYSDBA and masterkey and it doesn't work.
I've also tried to copy the fdb files to another computer on which I installed the same version Firebird. Those files can be opened on that computer, but what I need is to get the username and password and connect to database on this machine rather than open on another computer.
Error: Your user name and password are not defined.Ask your database
administrator to set up a Firebird login.
I will assume you computers run under Microsoft Windows.
Things are a bit different in UNIX w.r.t. location of security database and details of using Embedded edition of FB.
However before the question got edited Windows was specified: https://stackoverflow.com/revisions/53881670/1
I've tried the default user and password :SYSDBA and masterkey and it doesn't work.
In which program?
If there is some 3rd-party application its login/password pairs might well be different from ones of the Firebird server itself.
security2.fdb in the Firebird 2.x installation folder contains users and password hashes.
So, depending upon what you actually need, you have two ways:
Remove all passwords, except for SYSDBA/masterkey. That is: remove the Firebird. Ensure that "security database" was removed too (if not - rename it or move to another folder). Reinstall Firebird afresh. Would let you peep into the database using development tools (IBExpert/FlameRobin/FirebirdMaestro and so forth) but would probably screw any 3rd-party applications that used that database (as that application's users would be no more existing in the FB server).
Clone users/passwords from old computer to new one. That is, after installing matching Firebird versions on both computer you would have to STOP the FB service on both computer, then copy the "security database" from old to new computer, then START the FB service on both computers.
This would probably make the 3rd party application work, but not let you use SYSDBA/masterkey with development tools.
In both cases you would also have to look into UDF sub-folder in Firebird installations - if there are some non-standard plugin DLLs there you might need to copy them to the new Firebird installation too, as some parts of the database might be dependent upon those (or not, but you do not know before you open the database).
Actually, there might be yet another route for a short-term peeping into the database. Download and unpack Firebird 2 Embedded edition. STOP (temporarily or even forever) the normal Firebird service on that computer (so the database file would no more be locked). Use the embedded Firebird (fbEmbed.dll) as the "client library" in one of the aforementioned developer tools. With Embedded server editions user password just does not matter.
I have created a Windows Application in Vb.Net using MS Access 2007 database. I want it to be secured in such a way that the user who uses the application must not be able to see its content or access it. Protecting the file with password isn't a secure way.
Need help to secure and protect the MS Access database.
You said that protecting the file with password is not a secure way. Why? If that's not the secured way for you, you can encrypt all your records using some sort of algorithms. You can also hide the database file on the other directory (not on the same location as you EXE file).
I have this problem, I can create a setup for my app/database but everyone can open the backend file which is an MS Access database. I want it so we can only access the database using the frontend app. Please help me ...
You will need to create a separate front end app that accesses the database, and keep the database file somewhere secure where direct access to it is limited/restricted. You should also password-protect the file in case someone does manage to get it See tip #10 here: https://web.archive.org/web/1/http://blogs.techrepublic%2ecom%2ecom/10things/?p=552 for info about password protection (though you might find the other tips useful as well).
Whatever you do, don't rely on Access password protection. It can be cracked in minutes by tools freely available on the internet.
I would get Garry Robinson's book Real World Microsoft Access Database Protection and Security
It is the most comprehensive guide to securing an Access database that there is.
A first step, however, would be to put the backend file in a restricted folder.
I'm assuming some sort of security constraint, but if I have access to all folders on a PC, why allow some folders and not others.
What is the criteria for a folder being a valid backup / restore / attach folder?
Any advice appreciated!
Is not you who must have access, but the SQL Server service account. The engine must be able to attach the file after a restart when you are not logged in, so it cannot use your credentials, it must use its own credentials.
A valid backup/attach folder is one on which the SQLServerMSSQLUser$ComputerName$InstanceName user has full control. The Setup creates a set of folders that are correctly configured, see Setting Up Windows Service Accounts:
Instid\MSSQL\backup Full control
Instid\MSSQL\binn Read, Execute
Instid\MSSQL\data Full control
Instid\MSSQL\FTData Full control
Instid\MSSQL\Install Read, Execute
Instid\MSSQL\Log Full control
Instid\MSSQL\Repldata Full control
100\shared Read, Execute
Instid\MSSQL\Template Data (SQL Server Express only) Read
It matters less what folders you have access to than what folders SQL Server has (or should have) access to. Folders in private locations on the drive (like in a user's home directory) aren't necessarily accessible by the user that SQL Server runs as.
I would like to make a complete backup of my whole joomla 1.5 based site from time to time. How would this ideally be done? Are there any common pitfalls? Not that I only have ftp access to the hosting server. Is there a step by step tutorial somewhere? I am using latest Joomgallery and Kunena 1.0.9 (Legacy mode).
Maybe there is a good way to automate this?
There's two parts of the backup you have to worry about, the database and the files.
The first part is the database. It can be backed up using something like phpMyAdmin. If you don't have this available on your server already, it's not too hard to upload and get it going yourself. From there, you can just Export the entire database to a gzip file.
The second part is the code and uploaded files. The code base shouldn't change too often, so you could probably just make one backup of this. There's a number of ways. The simplest is to just download the entire folder via FTP, though if you're Linux, I'm sure someone will know a single command line to get all the changed files (rsync?).
The database is the main thing you have to worry about though: everything else should be able to be rebuilt just by reinstalling.
I think this: http://www.joomlapack.net/ is what you need. I use it myself and it works like a charm. Both for backups and for moving my Joomla installations from developer sites and to the real site.
get an FTP synchronisation tool and keep an up-to-date copy of your site locally. Then you could run the batch script
mysqldump -hhost -uuser -p%1 schema > C:\backup.sql
to create a backup of your mysql tables at various points in time.
edit
you would have to have MySQL Server installed on your local machine and path to its bin directory in you PATH, in order to run the mysqldump command without much hassle. -p%1 would take the command-line provided password, as you wouldn't want to store passwords in your batch script.
If you only have FTP access you are in a bit of a problem, as beside all files you'll also have to backup the database. Without accessing the database, a full-backup won't do you any good.
Whatever backup strategy you choose - be sure it can handle UTF-8 correctly. Joomla 1.5 stores all content with UTF-8, even when the database charset is set on 'iso-5589-1' - so when the backup solution is detecting the database charset, some characters like € or é will result in "strange" ¬ / é - not really what you'll want.
I absolutely endorse using Joomlapack - it works great. The optional remote tools allow you to initiate the backup from a Windows desktop machine - it performs the backup and downloads it. The remote has a scheduler, and you can also set it off to backup and download a list of sites.
Joomlapack also provides a file "kickstart.php" which you copy to your empty server account along with the backup, which automates the restore procedure. You do have to create an empty database with PHPMyAdmin or similar, and you are given the opportunity to supply the database parameters (host, database, username, password) during the process.
One pitfall I did run into with this though is that some common components can have absolute URLs in their configuration - e.g. SOBI2, Virtuemart. It's then just a matter of finding the appropriate configuration file, editing it and re-uploading it.
Another problem was one archive file (either ZIP or their JPA format) got a filename with a "?" character in it (from a Linux server) and this caused a bit of a problem trying to install it locally on a Windows WAMP stack - the extract process on the ZIP file failed, and it stopped the process completing cleanly.
I suggest using automatic backup service by http://www.everlive.net
Update:
Ok, here is some more information. EverLive.net is a website where you can create a free account. Enter your website details and you are ready to take your backups withe just one click. Restore is also possible in the same way.
Further you can use automatic backup option to take automatic backups at defined intervals. Other than that, you can use the website health check service to inform you if your website is not available.