Protect .mdf file with Password so no one open without Password. - by Harshad7_jp

Status : 

  Postponed<br /><br />
		Due to current priorities, the product team decided to postpone the resolution of this item.<br /><br />
		A more detailed explanation for the resolution of this particular item may have been provided in the comments section.

Sign in
to vote
ID 234979 Comments
Status Closed Workarounds
Type Suggestion Repros 0
Opened 11/2/2006 9:42:16 PM
Access Restriction Public


I use SqlExpress 2005 edition create DataBaseName.mdf. This file distribute to client which is third party contract base user. If this file attaches any Sqlserver then open Database of that sql server password. That is not Authorize person or sql Administrator. I want to open database only that Person who is created no any type of other user open it if he get .mdf.
Sign in to post a comment.
Posted by Laurentiu [MSFT] on 11/10/2006 at 2:54 PM
I think you are combining two requests into one:

(1) a request to be able to identify application (you mentioned "valid application"). Such validation cannot be done by SQL Server today. Such validation would require OS support, so you should look and see if such request was not already opened for Windows.

(2) a request to protect the data in the mdf file. The only way to really protect it is to encrypt the file. We are already tracking such request for encrypting mdf files.

So, for (1) I suggest to search the current Windows feedback reports and open a new one, if you don't find one already opened for this issue. For (2), we already track this request under a different item.


Posted by Harshad7_jp on 11/8/2006 at 2:37 AM
My Requirement is only one:

I can distribute database with secure way so no one known about database structure & data that is check only connecting time if valid application then connect.(Here I give Stronger Password because one time)

This is achieving two way:
1) Password protect .mdf file.
2) My knowledge Encrypt data inside database that require field level encryption I have no problem if MS Sql Support. If do in front side coding then create problem is like where condition , filter, group in stored procedure because first require decrypt field then apply operation. That is performance over head. Os I not prefer.        

Posted by Laurentiu [MSFT] on 11/7/2006 at 3:33 PM
Considering this is a request for a password protected mdf file, we will close it as Won't Fix. If the request was for encryption of the database file, we are tracking such suggestions already under a separate item.
Posted by Laurentiu [MSFT] on 11/6/2006 at 6:04 PM
Yes, but if you do not encrypt the data, then it is still readable inside the mdf file. An attacker can always read the mdf file without attaching it, or it can easily modify it so it can be attached.

Password protection of a file is only effective if the password is used to encrypt the sensitive contents of that file.

Posted by Harshad7_jp on 11/4/2006 at 5:01 AM
If I protect data using encryption it create two overhead one is performance & second code for encryption & decryption. if i protect .mdf then that only first time connection is slow onworad it is fast.
Posted by Laurentiu [MSFT] on 11/3/2006 at 6:37 PM
Could you comment a little more on your proposal?

Note that you can already encrypt data inside your database, which would protect it from an attacker that gets a copy of it.
Posted by navogel on 11/3/2006 at 7:37 AM
If you cannot protect your files using file system security then the way to protect your data is to encrypt it - something already possible with SQL Express. That won't protect your code or schema however.