0

I am building winForm c# desktop application, which will be distributed to users.

The app stores data in .mdf local db file.

how to prevent third party (competitors) to see db objects/structure in database file .mdf ? the local db is open to all !!!, no security for structure and no security for data !

for example in oracle there is a tool called "wrap" to generate obfuscated stored procedure, even dba will not be able to see textual code for stored procedure if owner used wrap tool.

in short how can I protect structure and encrypt data in local db file? is it possible?

Dev X
  • 353
  • 2
  • 15
  • http://stackoverflow.com/q/27138477/1070452 – Ňɏssa Pøngjǣrdenlarp Feb 29 '16 at 01:07
  • @Plutonix thanks for replying, however this way in your link is not applicable, because the app is distributed online, or on CDs ... I am asking about encryption and obfuscation structure and data not just preventing access file content by user, if there is another way or alternative to localdb but more secure so inform me please. – Dev X Feb 29 '16 at 18:26
  • First of all, the fact that your question is tagged 'c#' suggests that you're using .net, which means your code is managed. Which ultimately means that if someone wants to reverse-engineer your software, it would be extremely easy for them no matter what you do (except, perhaps, encrypting assembly with runtime string in c++, interop'ing to c++ to decrypt, and then assembly.load the results, but that would make working with your code somewhat hard). Does your app have some sort of a server? Or is the whole thing only local? – zaitsman Mar 01 '16 at 07:09
  • @zaitsman you are right, the way you mentioned in your comment for c# makes reverse-engineering harder, however my question focus on database file .mdf in local db standalone which will run without sql server at users PC's. Any one has .mdf file will be able to see all stored procedure and other objects like tables, views .... in it. it is equal to grant someone my database design, even no need to reverse engineering to check code in .mdf file !!! so again how to protect my code in ".mdf" file how to protect stucture and data in it? – Dev X Mar 01 '16 at 13:03
  • Well, the point i was making was that no matter how you encrypt the file, since your code is .net they can decrypt the whole thing by decompiling your code and copying your Decrypt() method – zaitsman Mar 01 '16 at 19:18
  • I've faced this problem too and no solution till now, but I need to tell @zaitsman that reversing engineering the app it is not really the problem because we can override it using any obfuscater like **Reactor** but the real problem is that a third party can attach the database into SSMS and read all objects and data, this is really what is need to be overridden! – Ahmed Suror Jan 30 '17 at 20:55

0 Answers0