Let's assume that I have a C# multi-user client-server application and SQL Server 2008 Express as the database. It's an application that is supposed to be installed on customers' PCs, where everyone who works for the company can have access, i.e. physical access to the .mdf file is free, so that one can easily copy the .mdf file to his/her machine, attach it and view all the DB structure and the code of the stored procedures I have developed.
I've read lots of info regarding this issue, all directing me to use the free EFS (Encrypting File System) of Windows. Consequently, I managed to encrypt my .mdf file with a specific Windows user account which I created specially for this, and set up a password for the user, so that no one can log on as my user and decrypt the file. Everything was fine, but I came across the dilemma that the user account a customer logs on with will almost always be in the Local Admin group, so they can easily reset the password for my user and log on as my user to decrypt the file. I cannot exclude their user from the admin group.
Could anyone help me solve this problem, please? Or maybe there is a possibility to decrypt the file without having created an additional user, so that they could not decrypt the .mdf file?
I would really appreciate any help!