| Author |
Topic |
|
jooorj
Posting Yak Master
126 Posts |
 Posted - 2011-07-08 : 04:50:56
|
| how can I prevent any customer logining as administrator ,from change database & tables ? |
|
|
webfred
Master Smack Fu Yak Hacker
8781 Posts |
Posted - 2011-07-08 : 04:53:24
|
change the admin password 
No, you're never too old to Yak'n'Roll if you're too young to die. |
 |
|
|
Lumbago
Norsk Yak Master
3271 Posts |
Posted - 2011-07-08 : 04:54:45
|
| Implement DDL triggers:http://msdn.microsoft.com/en-us/library/ms186406.aspxHowever; if the administrator has SA privileges, implementing ddl triggers will only be a temporary obstacle. There is nothing you can do to prevent a system administrator account to do stuff.- LumbagoMy blog-> http://thefirstsql.com/2011/07/08/how-to-find-gaps-in-identity-columns-at-the-speed-of-light/ |
|
|
|
jooorj
Posting Yak Master
126 Posts |
Posted - 2011-07-08 : 12:43:32
|
| if I can not, then how can I sell my application, so the customers may change database or make some changes on my work,I think then I should use another Database which is more scure than SQL,is this another bug in Microsoft :) |
|
|
|
robvolk
Most Valuable Yak
15732 Posts |
Posted - 2011-07-08 : 13:40:01
|
quote:
is this another bug in Microsoft
No. There is no bug in granting an administrator total access, that's their job. Every database product, operating system, and most security procedures have a "root", "god" or "admin" access, otherwise they cannot function. This does not mean it's not secure.Look at it this way: it's their server, on their property, hosting their data, why shouldn't they be able to access it? Would you buy a box of cereal, or bag of potato chips, that restricted how (and how much) you're allowed to eat from it?The way you prevent customers from modifying your database structure and code is through a software license agreement. If they go and change it, you then take legal action, and/or refuse them further support. |
|
|
|
webfred
Master Smack Fu Yak Hacker
8781 Posts |
Posted - 2011-07-08 : 13:44:31
|
quote:
Originally posted by robvolk
quote:
is this another bug in Microsoft
No. There is no bug in granting an administrator total access, that's their job. Every database product, operating system, and most security procedures have a "root", "god" or "admin" access, otherwise they cannot function. This does not mean it's not secure.Look at it this way: it's their server, on their property, hosting their data, why shouldn't they be able to access it? Would you buy a box of cereal, or bag of potato chips, that restricted how (and how much) you're allowed to eat from it?The way you prevent customers from modifying your database structure and code is through a software license agreement. If they go and change it, you then take legal action, and/or refuse them further support.
Where is the Like Button?I like this post
No, you're never too old to Yak'n'Roll if you're too young to die. |
|
|
|
Lamprey
Master Smack Fu Yak Hacker
4614 Posts |
Posted - 2011-07-08 : 15:02:56
|
| Just do what Apple does.. Make them sign a heavy-handed EULA. Or you can put your proprietary stuff in code outside the database. |
|
|
|
robvolk
Most Valuable Yak
15732 Posts |
Posted - 2011-07-08 : 15:11:04
|
| Better yet, design your database well and use excellent coding practices, so much so that you'd be proud for people to look at it.9 out of 10 people who try to prevent clients from stealing their code/designs write complete shit that isn't worth stealing. |
|
|
|
GilaMonster
Master Smack Fu Yak Hacker
4507 Posts |
Posted - 2011-07-08 : 15:25:22
|
quote:
Originally posted by jooorj
is this another bug in Microsoft :)
You keep using that word. I don't think it means what you think it does.--Gail ShawSQL Server MVP |
|
|
|
Aleph_0
Yak Posting Veteran
79 Posts |
Posted - 2011-07-08 : 17:49:27
|
quote:
Originally posted by GilaMonster
quote:
Originally posted by jooorj
is this another bug in Microsoft :)
You keep using that word. I don't think it means what you think it does.--Gail ShawSQL Server MVP
No more rhymes now, I mean it! |
|
|
|
robvolk
Most Valuable Yak
15732 Posts |
Posted - 2011-07-08 : 19:02:58
|
| Truly, you have a dizzying intellect. |
|
|
|
Michael Valentine Jones
Yak DBA Kernel (pronounced Colonel)
7020 Posts |
Posted - 2011-07-09 : 18:36:47
|
quote:
Originally posted by jooorj
if I can not, then how can I sell my application, so the customers may change database or make some changes on my work,I think then I should use another Database which is more scure than SQL,is this another bug in Microsoft :)
Based on your track record, maybe your customers should be trying to figure out how to lock you out of their systems:http://www.sqlteam.com/forums/topic.asp?TOPIC_ID=162507CODO ERGO SUM |
|
|
|
SwePeso
Patron Saint of Lost Yaks
30421 Posts |
|
|
jooorj
Posting Yak Master
126 Posts |
Posted - 2011-07-11 : 05:09:53
|
| Thank you,It is simple to change to another databse than rewriting scripts or some codes,suppose that the customer change the table name, and then tell you that he does n't change it.and he may is lying.but my product then will be stopped.please answer me logically. |
|
|
|
GilaMonster
Master Smack Fu Yak Hacker
4507 Posts |
Posted - 2011-07-11 : 05:20:44
|
| Licence agreement. Audit triggers. Error reports. Refusal to support. Legal action. Really it's dead trivial for an app to tell that the table name changed and send errors/log errors. The user may say they didn't but if the app shows that the table was there one minute, gone the next there are very few potential causes.--Gail ShawSQL Server MVP |
|
|
|
GilaMonster
Master Smack Fu Yak Hacker
4507 Posts |
Posted - 2011-07-11 : 05:22:26
|
| And if you're talking about changing to Oracle, MySQL or any of the other major DB engines, you'll find they all have this 'bug'. Administrators have full control.--Gail ShawSQL Server MVP |
|
|
|
DonAtWork
Master Smack Fu Yak Hacker
2167 Posts |
Posted - 2011-07-11 : 10:20:45
|
quote:
Originally posted by robvolk
Better yet, design your database well and use excellent coding practices, so much so that you'd be proud for people to look at it.9 out of 10 people who try to prevent clients from stealing their code/designs write complete shit that isn't worth stealing.
Rob is my Hero!  http://weblogs.sqlteam.com/jeffs/archive/2008/05/13/question-needed-not-answer.aspxHow to ask: http://weblogs.sqlteam.com/brettk/archive/2005/05/25/5276.aspxFor ultra basic questions, follow these links.http://www.sql-tutorial.net/ http://www.firstsql.com/tutor.htm http://www.w3schools.com/sql/default.asp |
|
|
|
jooorj
Posting Yak Master
126 Posts |
Posted - 2011-07-14 : 01:40:58
|
| Ok,Thanks for all |
|
|
|
|
prevent customer from changing database