locked
Hiding the database RRS feed

  • Question

  • Hello,
    The application was developed in .NET and SQL 2005. Originally, we'd thought that it'd be a web-based application (i.e. the SQL database will be hosted by us and users can connect to it).

    But some clients want the database to be hosted on their computer itself. Of course the application needs the database to run, however, by putting the database on the client's machine we will lose control of our data.

    I cannot find an easy way that SQL provides to allow only the application to access the data, but not humans.

    Nothing is altered in the database--we are simply reading data from the SQL table, so should we explore other things (indexed flat files?) to make this into a software product without losing control over the data?  The Database size is around 30GB.


    Regards
    Satish
    • Moved by Bob Beauchemin Tuesday, February 2, 2010 6:24 AM Moved to a more appropriate group (From:.NET Framework inside SQL Server)
    Tuesday, February 2, 2010 5:16 AM

Answers

  • I  cannot find an easy way that SQL provides to allow only the application to access the data, but not humans.

    -- Write a connection string to connect to the database engine and make sure you don't grant any access to other users. And whenever application connects to the db engine ,it only comes under the context of security defined in the connection string.
    Some info on it - http://msdn.microsoft.com/en-us/library/ms190944.aspx
    http://msdn.microsoft.com/en-us/library/ms998300.aspx



    Thanks, Leks
    Tuesday, February 2, 2010 6:41 AM
  • In addition to Leks' comments:

    Everything is an application. There's no way for a "human" to connect to SQL Server except throuh an application. Managent Studio, for instance, is also an application. So, the question is really about *differentiating* applications. I can think of two possible options here. Application Roles and Logon Triggers.
    Tibor Karaszi, SQL Server MVP | http://www.karaszi.com/sqlserver/default.asp | http://sqlblog.com/blogs/tibor_karaszi
    Tuesday, February 2, 2010 8:24 AM

All replies

  • I  cannot find an easy way that SQL provides to allow only the application to access the data, but not humans.

    -- Write a connection string to connect to the database engine and make sure you don't grant any access to other users. And whenever application connects to the db engine ,it only comes under the context of security defined in the connection string.
    Some info on it - http://msdn.microsoft.com/en-us/library/ms190944.aspx
    http://msdn.microsoft.com/en-us/library/ms998300.aspx



    Thanks, Leks
    Tuesday, February 2, 2010 6:41 AM
  • In addition to Leks' comments:

    Everything is an application. There's no way for a "human" to connect to SQL Server except throuh an application. Managent Studio, for instance, is also an application. So, the question is really about *differentiating* applications. I can think of two possible options here. Application Roles and Logon Triggers.
    Tibor Karaszi, SQL Server MVP | http://www.karaszi.com/sqlserver/default.asp | http://sqlblog.com/blogs/tibor_karaszi
    Tuesday, February 2, 2010 8:24 AM