How to block access to .mdf file RRS feed

  • Question

  • I have an application deployed in many customers with SQL Server 2008 Express.

    For security reasons, I have blocked all the logins on the server, however, users can still copy the MDF and LDF file. 

    How can I impede my customers of copying .mdf and .ldf files?


    Friday, February 25, 2011 7:49 PM

All replies

  • How are they copying MDF and LDF files ? when your sql services are running that is not possible .

    Thanks,Suhas V

    Friday, February 25, 2011 8:21 PM
  • If the computer belongs to the customer, then you can't keep them from stopping SQL Server and then copying the files. It is their computer. They get to decide how to manage it. You could use Windows file system permissions to restrict access. But if the customers are members of the local administrators group, they can take back the file system permissions. You could encrypt the folder with a certificate, which could block the owner of the computer, but if this is their computer, they would never knowingly agree to that, so that would be unethical, and in some jurisdictions it might be illegal. Definitly not recommended.

    If you are worried about protecting your intellectual property, that should be addressed by your license terms. It's a legal protection. Not a physical protection.

    As for blocking all logins, members of the computers local administrators group can still access the database. See Troubleshooting: Connecting to SQL Server When System Administrators Are Locked Out

    Rick Byham, Microsoft, SQL Server Books Online, Implies no warranty
    • Proposed as answer by WeiLin Qiao Monday, February 28, 2011 10:03 AM
    Friday, February 25, 2011 9:15 PM
  • I don't know how  they did it, maybe they've stopped the service.

    As the computer on the customers is not in a trusted environment, all users act as Administrator accounts and have privileges to stop the SQL server service.

    Saturday, February 26, 2011 11:26 AM