| Author |
Topic |
|
pythagoras
Starting Member
3 Posts |
Posted - 2011-10-03 : 11:23:27
|
| We want to be able to distribute a sql server 2005 express database with a vb6 application. The install creates a named instance of sql server 2005 express. It then attaches the pre-packaged database to this instance.

This database should only be alterable via the front end app using a sql server login and password stored in the vb6 application, that is unknown to the user. (This is important as the front end program enforces regulations and thus enables users to claim that their data is valid.)

In particular what we don't want possible is for someone to just install another instance of sql server express with windows authentication security and attach our database to it and have read/write access to the database using maybe SSMS.

I am having trouble understanding security but I don't seem to be able to find a way to make our distributed database inaccessible in this way.

Is it possible and if so could someone please point me in the right direction?

Thanks for reading |
|
|
TG
Master Smack Fu Yak Hacker
6065 Posts |
Posted - 2011-10-03 : 16:06:16
|
| So your client(s) are hosting this application and database on their machines? Any admin will have complete access to the database - as they should. The users however should not and you will need to communicate that with your client's admin/dba folks. The only db user defined for the application db should be your application account. All application users (client's employees) should not have access to the sql server box at all.

Books Online - Security and Protection (database engine)

Be One with the Optimizer
TG |
 |
|
|
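One way to check the setup TG describes (the application account as the only user defined in the application database), shown as an added example that is not part of the thread. The database name `AppDb` and the user name `app_account` are placeholders; the catalog views used exist in SQL Server 2005 and later.

```sql
-- Added example: audit who can reach the application database.
USE [AppDb];  -- placeholder database name

-- 1. Database users other than the application account and built-ins.
--    An empty result means only app_account is defined as a user.
SELECT dp.name      AS db_user,
       dp.type_desc AS user_type,
       sp.name      AS mapped_login
FROM sys.database_principals AS dp
LEFT JOIN sys.server_principals AS sp ON sp.sid = dp.sid
WHERE dp.type IN ('S', 'U', 'G')   -- SQL user, Windows user, Windows group
  AND dp.name NOT IN ('dbo', 'guest', 'sys', 'INFORMATION_SCHEMA',
                      'app_account');   -- placeholder user name

-- 2. Is the guest user allowed to connect? Any row here means every
--    login on the instance can enter the database without its own user.
SELECT pe.state_desc, pe.permission_name
FROM sys.database_permissions AS pe
WHERE pe.class = 0                                  -- database-level
  AND pe.permission_name = 'CONNECT'
  AND pe.grantee_principal_id = DATABASE_PRINCIPAL_ID('guest')
  AND pe.state IN ('G', 'W');                       -- GRANT / GRANT WITH GRANT

-- 3. Role memberships inside the database (db_owner, db_datawriter, ...).
SELECT r.name AS role_name, m.name AS member_name
FROM sys.database_role_members AS drm
JOIN sys.database_principals AS r ON r.principal_id = drm.role_principal_id
JOIN sys.database_principals AS m ON m.principal_id = drm.member_principal_id
ORDER BY r.name, m.name;

-- 4. Instance-level sysadmin members. These logins bypass all of the
--    database-level checks above, which is the "any admin will have
--    complete access" point made in the reply.
SELECT m.name AS login_name, m.type_desc
FROM sys.server_role_members AS srm
JOIN sys.server_principals AS r ON r.principal_id = srm.role_principal_id
JOIN sys.server_principals AS m ON m.principal_id = srm.member_principal_id
WHERE r.name = 'sysadmin'
ORDER BY m.name;
```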
pythagoras
Starting Member
3 Posts |
Posted - 2011-10-03 : 17:54:33
|
| Thank you for your reply. I think I understand a bit better now.

<<Any admin will have complete access to the database - as they should.>>

The problem is that our users are small businesses who in the event that they face litigation wish to be able to assert that they have no means of altering data except via our software (which doesn't allow records to be altered after the date of entry).

Distributing our own Jet/Access .mdw and .mdb files allows us to do this currently. It looks like such a scenario is not possible with sql server. |
 |
|
|
Kristen
Test
22859 Posts |
Posted - 2011-10-03 : 19:41:35
|
| Your clients could employ a hacker if they wanted to and thereby create dishonest and fraudulent audit records ... I don't see that allowing a trusted Admin access to the database is a problem for a court of law. The DBAs in big companies could change anything they wanted to - although changing data such that all backups etc. portrayed a chronologically accurate, but fraudulent, record would take some doing! |
 |
|
|
tkizer
Almighty SQL Goddess
38200 Posts |
|
|
|
|
|