如何通过查看数据库对象来保护数据库。 [英] How to secure database by looking database objects.

问题描述

我有一个在WPF中创建的应用程序。在该应用程序中，需要在该PC中设置数据库。



所以我创建了安装程序，以便在安装MS SQL时安装或不安装。如果安装然后创建数据库并执行表和存储过程脚本，那么它将设置数据库。



现在我关心的是安全性，我们如何保护我的数据库代码脚本和表格。因为它在客户端PC上，所以我不希望任何人看到数据库逻辑。



所以任何人都可以帮忙解决这个问题。



提前致谢。

I have one application which is created in WPF. In that application it is require to setup database in that PC.

So I have created setup such that it check at time of installation MS SQL install or not. If installed then create database and execute table and store procedure script so it will setup database.

now what my concern is about security, How we can secure my code of database script and table. because it is on client PC so I don''t want anybody can see database logic.

so can anybody help to work around this stuff.

Thanks in advance.

推荐答案

如果将数据库部署到客户端，则无法真正隐藏数据和结构。 SQL Server已加密功能 [ ^ ]在，但我怀疑你会将这样的事情部署到用户身上。对于任何其他版本，数据库文件是可传输的，因此将其附加到用户具有管理员权限的其他实例将授予完全访问权限。但总的来说，这是不必要的。

但是你可以使用 EFS在文件系统级加密SQL CE数据库。 [ ^ ]（参见：http://blogs.msdn.com/b /stevelasker/archive/2008/05/14/security-and-encryption-for-sql-server-compact.aspx [ ^ ]）或新的内置功能： http://msdn.microsoft.com/en-us/library/ms171955.aspx [ ^ ]。



所有方法都有其局限性。


这也是本主题中非常有用但复杂的文献： http://msdn.microsoft.com/en-us/library/cc837966(v = sql.100）.aspx [ ^ ]

You can not really hide data, and structure if you deploy database to the client. SQL Server has encryption features[^] from Enterprise edition on, but I doubt you will deploy such thing to the users. With any other edition, the database file is transportable, thus attaching it to an other instance where the user has administrator privileges will grant full access. But in general even this is unnecessary.
You can however encrypt database of SQL CE on file system level using EFS[^] (see: http://blogs.msdn.com/b/stevelasker/archive/2008/05/14/security-and-encryption-for-sql-server-compact.aspx[^]) or the new built-in features: http://msdn.microsoft.com/en-us/library/ms171955.aspx[^].

All approaches have their limitation.

This is also a really useful, but complex literature in this topic: http://msdn.microsoft.com/en-us/library/cc837966(v=sql.100).aspx[^]

您可以使用加密程序 WITH ENCRYPTION ：

You can encrypt your procedures using WITH ENCRYPTION:

CREATE PROCEDURE MyProcedure
WITH ENCRYPTION
AS

.....

这不是100％安全，但它是'总比没有好......

This is NOT 100% secure, but it''s better than nothing..

这篇关于如何通过查看数据库对象来保护数据库。的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！