Database access limitation

I want to release an application that uses a SQL server database.
The access to this database should only be done and managed by my
application with an own authentication mechanism.
Nobody besides me (developer) should be able to access the database in any
way. Even the structure of the database should be invisible to anyone.
How can I reach this?
Is it necessary to add a special user to my database that is used by my
application? What about the standard databaseowner, have I to disable it or
limit its rights?
Is it necessary to add a special user to the SQL server instance or can it
be done just within my own database that is shipped with my application?
Where can I find a good tutorial for this kind of problem?
Please help.
Thanks a lot!
Hi
Have you considered using APPLICATION ROLE?
"Jochen Mller" <jochenmueller132355@.hotmail.com> wrote in message
news:er0CZcehFHA.3124@.TK2MSFTNGP12.phx.gbl...
> I want to release an application that uses a SQL server database.
> The access to this database should only be done and managed by my
> application with an own authentication mechanism.
> Nobody besides me (developer) should be able to access the database in any
> way. Even the structure of the database should be invisible to anyone.
> How can I reach this?
> Is it necessary to add a special user to my database that is used by my
> application? What about the standard databaseowner, have I to disable it
or
> limit its rights?
> Is it necessary to add a special user to the SQL server instance or can it
> be done just within my own database that is shipped with my application?
> Where can I find a good tutorial for this kind of problem?
> Please help.
> Thanks a lot!
>
|||Jochen,
Application roles might be a way to go here, or use a standard SQL login
and don't share the password.
Bear in mind that an administrator of the machine will be able to access
SQL Server if the BUILTIN/Administrators group is a member of the
sysadmin role.
Mark Allison, SQL Server MVP
http://www.markallison.co.uk
Looking for a SQL Server replication book?
http://www.nwsu.com/0974973602m.html
Jochen Mller wrote:
> I want to release an application that uses a SQL server database.
> The access to this database should only be done and managed by my
> application with an own authentication mechanism.
> Nobody besides me (developer) should be able to access the database in any
> way. Even the structure of the database should be invisible to anyone.
> How can I reach this?
> Is it necessary to add a special user to my database that is used by my
> application? What about the standard databaseowner, have I to disable it or
> limit its rights?
> Is it necessary to add a special user to the SQL server instance or can it
> be done just within my own database that is shipped with my application?
> Where can I find a good tutorial for this kind of problem?
> Please help.
> Thanks a lot!
>
|||You can deny all permissions to users except exec permissions on the
stored procs for data access. Or you can use application roles.
You can't hide the data and structure from SYSADMINs or administrators
on the server. You just need to make sure that only appropriate people
have that level of access.
David Portas
SQL Server MVP
|||Thanks for your reply!
Is my conclusion right:
My customer needs to administer his SQL server (e.g. database backup).
Therefor I have to give him access also to my database. That means that at
each installation at least the administrator can see my database structure.
But how can I protect my intelectual property (database design)?
With my older ACCESS database files I made database encryption and so really
nobody besides me could see any data or structure. Is this not possible with
SQL server?
"David Portas" <REMOVE_BEFORE_REPLYING_dportas@.acm.org> schrieb im
Newsbeitrag news:1121067494.770514.253430@.g43g2000cwa.googlegr oups.com...
> You can deny all permissions to users except exec permissions on the
> stored procs for data access. Or you can use application roles.
> You can't hide the data and structure from SYSADMINs or administrators
> on the server. You just need to make sure that only appropriate people
> have that level of access.
> --
> David Portas
> SQL Server MVP
> --
>
|||> But how can I protect my intelectual property (database design)?
With a licence agreement.

> With my older ACCESS database files I made database encryption and so really
> nobody besides me could see any data or structure.
You are mistaken. The Access encryption option is feeble. It's a
trivial task to bypass it with tools freely available online. What you
are really saying is that your customers lack the IT competence or the
incentive to bypass the "security" of your application. To manage a SQL
Server a higher level of competence is expected. The admin's job
requires that he/she can access your database so unless you want to
host the application yourself and provide all the operational support
for it you must assume that you cannot and should not prevent that
access.
David Portas
SQL Server MVP
|||Hi
For Access, there are enough tools out there that would crack the encryption
in seconds. If someone has physical access to your DB, they can look at it,
be it SQL Server or Access.
Regards
Mike Epprecht, Microsoft SQL Server MVP
Zurich, Switzerland
MVP Program: http://www.microsoft.com/mvp
Blog: http://www.msmvps.com/epprecht/
"Jochen Müller" wrote:

> Thanks for your reply!
> Is my conclusion right:
> My customer needs to administer his SQL server (e.g. database backup).
> Therefor I have to give him access also to my database. That means that at
> each installation at least the administrator can see my database structure.
> But how can I protect my intelectual property (database design)?
> With my older ACCESS database files I made database encryption and so really
> nobody besides me could see any data or structure. Is this not possible with
> SQL server?
>
> "David Portas" <REMOVE_BEFORE_REPLYING_dportas@.acm.org> schrieb im
> Newsbeitrag news:1121067494.770514.253430@.g43g2000cwa.googlegr oups.com...
>
>