0

I am developing a desktop app in c# using "entity framework database first approach" that is required to be highly secured i.e. no one can access its database without login into that application and no one can extract the data directly using database file. The database have 20 table. Although I Tried to encrypt the database but when the application will start i will have to decrypt the database file in order to connect and leave it decrypted until user tries to exit the application.

No offence, I am a noob to sql server and I want to create a highly secured sql server database for my c# desktop application that can only be opened by that application only. I know that there are two authentication model by which you can connect to a sql server i.e. windows authentication and mixed authentication. But i don't want my database to be opened using windows authentication.

Is there a way by which only one user can open the database with password?

Luser
  • 31
  • 3
  • You might be looking for this answer [SQL Server Login Disable windows authentication](http://stackoverflow.com/a/19974042/5725863) – Shakeer Mirza Apr 12 '17 at 09:44
  • [Always Encrypted](https://learn.microsoft.com/en-us/sql/relational-databases/security/encryption/always-encrypted-database-engine) is a feature that addresses some of your needs. It ensures the data is always encrypted, even at rest. From SQL Server 2016 it is included in all editions. – David Rushton Apr 12 '17 at 10:29
  • @ShakeerMirza what about when the application get distributed. – Luser Apr 12 '17 at 11:24

2 Answers2

0

if you used SQL compact the database server is only really there for your app, which is probably the closest, however it doesnt stop people taking the file and putting it into SQL express/server

Similarly: embedding sql express may help but again the files are still there.. and ..

If SQL is in an instance yes, you may control it with a username/password but anyone with admin rights to the instance can get in it.

You also would need to consider how they would backup the data

BugFinder
  • 17,474
  • 4
  • 36
  • 51
  • I don't mind access to my file, i will encrypt as user closes the application but while using the program the file will be dcrypted what about that time. – Luser Apr 12 '17 at 11:22
0

Yes. You can easily handle this. Go to Security >> Logins and then create an user with password. You can also give him access to a specific database. You can specify the Server Role section.

Shuvankar Saha
  • 60
  • 3