1

I developed a WinForms application with a SQL Server 2008 R2 database for one of my friends.

When I deployed and installed it on my friend's PC, the software clearly shows the database file. If he opens that file in SQL Server, he is able to see my SQL queries, table structures, etc.

I just want to hide all this from my clients.

How can I do this?

I searched for some software on the Internet. When I installed it on my PC, it did not show me any database file. How do they do it?

Please help me.

marc_s
  • 2
    You should hide your database behind a webservice with authentication. Never talk directly to a database from the client. – SLaks Jul 21 '16 at 18:09
  • You can encrypt some of the database objects, but there are ways to decrypt them if someone has admin privilege. There is no way you can hide stuff from a database admin. – FLICKER Jul 22 '16 at 00:23
  • 1. By using web services I can't hide the database file from my client. 2. The encrypt/decrypt option is available in SQL 2014+ versions; I am using 2008 R2. – user3260083 Jul 22 '16 at 10:04

1 Answer

1

If your application and database are both deployed on your friend's PC, there's almost nothing you can do to truly block him/her from getting to your database.

There is no feature in SQL Server that blocks schema view from an authorized user (e.g. admin), and if you own the machine, you can present yourself as admin to SQL Server in multiple ways even if you were not originally added to the admin role or given SA account access. You can set up hurdles like putting everything in stored procedures and then encrypting the SPs, but it's just a small hurdle, not a wall.

This is not unique to SQL Server; the same issues apply to pretty much any RDBMS on the market. If you own the box, it's not hard to get to the DB contents. Software vendors have been trying to do this for decades and most just give up and protect their IP legally instead. That's no consolation for you but it is reality.

If using a service like Azure is viable, you can host your app in Azure and the database can be Azure SQL DB or a regular SQL Server in a VM. I'd recommend the former if the feature set and surface area work for you; it's not identical to the SQL Server box product you're accustomed to. However, it is far less work for you to manage and secure. With the app also in Azure, your friend and clients will access via a browser and never have direct access to the database. Even if the app is installed locally on your friend's or clients' machines, it's easy to design the app such that they can only access data and nothing else.

SQLmojoe
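The stored-procedure hurdle and the "access data and nothing else" design from the answer above, as an added T-SQL example that is not part of the original answer. All object names (DemoShop, app.GetCustomer, app_client, app_exec) are hypothetical and the sample row is constructed; the syntax used is available in SQL Server 2008 R2.

```sql
-- Added example: hypothetical names, constructed data. Run in SSMS or sqlcmd.
CREATE DATABASE DemoShop;
GO
USE DemoShop;
GO
CREATE TABLE dbo.Customers (
    Id          int PRIMARY KEY,
    Name        nvarchar(100),
    CreditLimit money
);
INSERT INTO dbo.Customers VALUES (1, N'Constructed Customer', 500);
GO
-- Procedures live in their own schema, owned by dbo like the tables,
-- so ownership chaining lets them read dbo tables on the caller's behalf.
CREATE SCHEMA app AUTHORIZATION dbo;
GO
-- WITH ENCRYPTION obfuscates the stored module text: the "small hurdle".
CREATE PROCEDURE app.GetCustomer @Id int
WITH ENCRYPTION
AS
    SELECT Id, Name FROM dbo.Customers WHERE Id = @Id;
GO
-- Low-privilege principal the application would connect as.
CREATE USER app_client WITHOUT LOGIN;
CREATE ROLE app_exec;
EXEC sp_addrolemember 'app_exec', 'app_client';
GRANT EXECUTE ON SCHEMA::app TO app_exec;          -- may call procedures
DENY VIEW DEFINITION ON SCHEMA::app TO app_exec;   -- may not read their metadata
GO
-- Check 1: the catalog returns NULL for an encrypted module's definition.
SELECT OBJECT_NAME(object_id) AS module_name,
       definition,
       OBJECTPROPERTY(object_id, 'IsEncrypted') AS is_encrypted
FROM sys.sql_modules
WHERE object_id = OBJECT_ID('app.GetCustomer');

-- Check 2: the application principal can run the procedure
-- but has no direct access to the underlying table.
EXECUTE AS USER = 'app_client';
EXEC app.GetCustomer @Id = 1;   -- succeeds via ownership chaining
SELECT * FROM dbo.Customers;    -- fails: SELECT permission denied
REVERT;
```

These permissions bind only the principal the application connects as; a sysadmin, or anyone with administrative control of the machine hosting the instance, is not constrained by them, which is the limit the answer describes.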