Best Method To Secure Data From Users

Question

I'm porting an old program into C# and would like to revise how I store user data.  Currently, the existing program stores the user logs in their user/app data/[program name].  I'd like to record all of the different users data for that PC in one location  - bob, ted, and alice would have all their data stored in the same location. 

The existing version uses several files - one file for global software config (all users/app_data...),  one file for user-specific data, and one file for the specific users log file.

I'd like to eliminate file usage and replace that with database usage.  MS Access seems the way to go. It's light, I don't have a lot of data to collect, and I can easily expand some of my functionality within the program due to the DB component.

That brings me to the following two questions;
1. Would it be better to store it in users/app_data/programs/[program name] or c:/program data/[program name]?
2. I don't want the users to delete the access database, as a way of clearing their log, unless it's for a standard uninstall.  Some might try.  Now, that gives me a few options;
- a. password protect the mdb file.  This way they can't open to tables and delete what they want. (I'll do this anyway regardless of other options.)
- b. keep a connection open to the database so they can't delete it.  I hate this idea.  I don't like open connections.
- c. keep a copy of the db somewhere and automatically replace it if it's deleted  - folder/file change hook should do it.
- d. set folder permissions to deny delete authority.  I don't know if this is practical - and if/how it could be done.
- e. ???
What is the best way to prevent them from deleting it?

Answer 1

Consider writing your own C++ MFC GUI to interact with the database. That way, the MDB file is relatively invisible to the users, and only the functionality you want to grant is accessible. You can setup access privileges to the MDB itself to require administrator or some special user, and then elevate your C++ MFC GUI to administrator privileges. If they go at the MDB directly, they are blocked. If they go at the MDB using your GUI, the GUI only allows the functionality you want.

Answer 2

I would highly recommend SQL Server instead of Access. There is a free version of SQL Server now (SQL Server Express).

http://www.microsoft.com/express/sql/Default.aspx

If it is for one user, you can install the database in the same directory as the application.

Here is a walk through if you are interested:

http://msdn.microsoft.com/en-us/library/ms233763.aspx

Hope this helps.

---

www.insteptech.com ; msmvps.com/blogs/deborahk
We are volunteers and ask only that if we are able to help you, that you mark our reply as your answer. THANKS!

Answer 3

Using SQL Server though, doesn't that require that an instance of SQL server is running on the users computer?  That also requires they have some sort of SQL Server client, right?    (I read the walk-though you listed).

This is why I like the lightweight value of Access.  If SQL Server could work the same way, that would be great.

Answer 4

Then you may be more interested in SQL Server Compact edition. It is an embedded database.

Here is a link to more information:

http://www.microsoft.com/Sqlserver/2005/en/us/compact.aspx

Hope this helps.

---

www.insteptech.com ; msmvps.com/blogs/deborahk
We are volunteers and ask only that if we are able to help you, that you mark our reply as your answer. THANKS!