Home Dashboard Directory Help
Search

Protect .mdf file with Password so no one open without Password. by Harshad7_jp


Status: 

Closed
 as Postponed Help for as Postponed


1
0
Sign in
to vote
Type: Suggestion
ID: 234979
Opened: 11/2/2006 9:42:16 PM
Access Restriction: Public
1
Workaround(s)
view

Description

I use SqlExpress 2005 edition create DataBaseName.mdf. This file distribute to client which is third party contract base user. If this file attaches any Sqlserver then open Database of that sql server password. That is not Authorize person or sql Administrator. I want to open database only that Person who is created no any type of other user open it if he get .mdf.
Details
Sign in to post a comment.
Posted by Microsoft on 11/10/2006 at 2:54 PM
I think you are combining two requests into one:

(1) a request to be able to identify application (you mentioned "valid application"). Such validation cannot be done by SQL Server today. Such validation would require OS support, so you should look and see if such request was not already opened for Windows.

(2) a request to protect the data in the mdf file. The only way to really protect it is to encrypt the file. We are already tracking such request for encrypting mdf files.

So, for (1) I suggest to search the current Windows feedback reports and open a new one, if you don't find one already opened for this issue. For (2), we already track this request under a different item.

Thanks

Posted by Harshad7_jp on 11/8/2006 at 2:37 AM
My Requirement is only one:

I can distribute database with secure way so no one known about database structure & data that is check only connecting time if valid application then connect.(Here I give Stronger Password because one time)

This is achieving two way:
1) Password protect .mdf file.
2) My knowledge Encrypt data inside database that require field level encryption I have no problem if MS Sql Support. If do in front side coding then create problem is like where condition , filter, group in stored procedure because first require decrypt field then apply operation. That is performance over head. Os I not prefer.        

Posted by Microsoft on 11/7/2006 at 3:33 PM
Considering this is a request for a password protected mdf file, we will close it as Won't Fix. If the request was for encryption of the database file, we are tracking such suggestions already under a separate item.
Posted by Microsoft on 11/6/2006 at 6:04 PM
Yes, but if you do not encrypt the data, then it is still readable inside the mdf file. An attacker can always read the mdf file without attaching it, or it can easily modify it so it can be attached.

Password protection of a file is only effective if the password is used to encrypt the sensitive contents of that file.


Posted by Harshad7_jp on 11/4/2006 at 5:01 AM
If I protect data using encryption it create two overhead one is performance & second code for encryption & decryption. if i protect .mdf then that only first time connection is slow onworad it is fast.
Posted by Microsoft on 11/3/2006 at 6:37 PM
Could you comment a little more on your proposal?

Note that you can already encrypt data inside your database, which would protect it from an attacker that gets a copy of it.
Posted by David Portas on 11/3/2006 at 7:37 AM
If you cannot protect your files using file system security then the way to protect your data is to encrypt it - something already possible with SQL Express. That won't protect your code or schema however.
Sign in to post a workaround.
Posted by TamusJRoyce on 8/10/2011 at 6:44 AM
My work-around is to encrypt the entire file(s) myself. Then have my program unencrypted it, copying it to a .mdf once the password is given in the application, and then attach it. My only issue would be if that users directory is shared, then someone can get a hold of the database unencrypted.

But I assume similarly enough that if a user unsecured the sql server so any anonymous user can log in, the same issue could happen. So encrypting/decrypting to the users local database is good enough security without being able to block non-authenticated users accessing a authenticated users sql server directly.