none
password/encryption for local db file OR best practises RRS feed

  • Question

  • hi,

    i have a multi-user application , the all the users are on the same PC ,

    it's for cashiers in a coffeehouse , each cashier has a shift and they share the same PC.

    the application uses locaDB 2012 as data storage.

    what is the best approach to protected the localdb file(privet any user)   from been copied to another PC , attached to another instance of sqlserver and tamper with the data ?

    the best solution is to use another PC as a server and store my DB there , but this add another PC ,software configuration witch the owner don't want .

    can localdb file be encrypted/password protected ?

    can locadb work across windows users ? create windows account for each cashier ?

    Saturday, December 28, 2013 9:19 AM

Answers

  • >can localdb file be encrypted/password protected ?

    Yes that can be done... not sure if Express the appropriate level.

    >can locadb work across windows users ?

    Yes, SS operates as a server.

    >create windows account for each cashier ?

    Yes.

    Consider also MS Access. It maybe a better fit.


    Kalman Toth Database & OLAP Architect IPAD SELECT Query Video Tutorial 3.5 Hours
    New Book / Kindle: Exam 70-461 Bootcamp: Querying Microsoft SQL Server 2012


    • Proposed as answer by Praveen Rayan D'sa Saturday, December 28, 2013 10:25 AM
    • Marked as answer by Hani Safa Sunday, December 29, 2013 5:54 PM
    Saturday, December 28, 2013 9:59 AM
  • If you are using SQL Server 2012 Enterprise edition then we can use Transparent data encryption (TDE), please refer the below article:

    http://technet.microsoft.com/en-us/library/bb934049.aspx

    For other encryption mechanisms refer :http://technet.microsoft.com/en-us/library/ms189586.aspx

    To protected the localdb from the SQL side we can try:

    1) Remove the windows user from SYSADMIN role in the SQL logins, grant only the required permission (READ/WRITE)

    To protected the localdb from the windows side we can try:

    inorder to copy the physical file (database) we need to stop the SQL Server service

    1) Grant the user minimal permission on the windows so that the user will not have permission to stop the service.

    2) On the side note you can also block the USB ports on the server and remove the network/internet if not required.

    • Marked as answer by Hani Safa Sunday, December 29, 2013 5:54 PM
    Sunday, December 29, 2013 8:02 AM

All replies

  • >can localdb file be encrypted/password protected ?

    Yes that can be done... not sure if Express the appropriate level.

    >can locadb work across windows users ?

    Yes, SS operates as a server.

    >create windows account for each cashier ?

    Yes.

    Consider also MS Access. It maybe a better fit.


    Kalman Toth Database & OLAP Architect IPAD SELECT Query Video Tutorial 3.5 Hours
    New Book / Kindle: Exam 70-461 Bootcamp: Querying Microsoft SQL Server 2012


    • Proposed as answer by Praveen Rayan D'sa Saturday, December 28, 2013 10:25 AM
    • Marked as answer by Hani Safa Sunday, December 29, 2013 5:54 PM
    Saturday, December 28, 2013 9:59 AM
  • If you are using SQL Server 2012 Enterprise edition then we can use Transparent data encryption (TDE), please refer the below article:

    http://technet.microsoft.com/en-us/library/bb934049.aspx

    For other encryption mechanisms refer :http://technet.microsoft.com/en-us/library/ms189586.aspx

    To protected the localdb from the SQL side we can try:

    1) Remove the windows user from SYSADMIN role in the SQL logins, grant only the required permission (READ/WRITE)

    To protected the localdb from the windows side we can try:

    inorder to copy the physical file (database) we need to stop the SQL Server service

    1) Grant the user minimal permission on the windows so that the user will not have permission to stop the service.

    2) On the side note you can also block the USB ports on the server and remove the network/internet if not required.

    • Marked as answer by Hani Safa Sunday, December 29, 2013 5:54 PM
    Sunday, December 29, 2013 8:02 AM