Uncategorized

Restricting Proprietary Database Access

by Ben Taylor

Restricting Proprietary Database Access
I read on a thread in a newsgroup yesterday where the writer uses SQL Server for persistence in their application. However, they want to lock the database down so that it cannot be manipulated by their customers.

The designer wants to configure the database so that it is completely un-accessible to anything except their proprietary application. They want to completely disable all ability to run ad-hoc SQL of any form.

It is possible to use SQL Server authentication and manage that from the application itself so that the database connection credentials are never exposed to end users. However, the SA account will have full rights to the database. Perhaps they could do a separate standalone instance and disable the SA account. But can they disable the Windows Administrator account?

Of course they could take the approach Great Plains did in their accounting package by using obfuscation. All database objects were provided un-meaningful names such as T01291, C012381, P12717, etc. You had to be a Great Plains consultant to get access to the key for the database objects. So, even with full access to the database, it would be a bit of work to determine the schema and other database objects.

What would you do? Do you have any other ideas for locking down a proprietary database distributed to end users? Drop me a note at btaylor@sswug.org.

Cheers,

Ben

$$SWYNK$$

SelecTViews
Open source projects and SQL Server, FrontPage Lives?!, Business Intelligence is profiling…. or is it? SQL Server tools and the cloud, featured blog, Chris Shaw on the show and MUCH more.
[Watch the Show]

Featured Article(s)
SQL Server 2008: The Resource Governor (Part 3 of 3)
One of the long requested features by many DBAs over the last few decades has been the ability to throttle resource usage based on the workload coming in to the server. Microsoft has finally given us the Resource Governor in SQL Server 2008. In this session, we’ll talk about what the Resource Governor really is, how it works, and what it will and WON’T do for your servers.

Tips for using Very Large Databases in SQL Server 2008
In this article, you can find some useful Very Large Databases performance tuning and optimization tips.

Featured White Paper(s)
Essential Performance Tools for SQL Server DBAS
Optimizing SQL Server performance can be a daunting task. Especially so for an increasing number of reluctant DBAs faced with… (read more)

Featured Script
dba3_Identity_Value_RollBack_Skipping_demo
Identities do not guarantee gap free incremented row values… (read more)

Author: Ben TaylorBen is a Relational Database veteran starting in the early eighties on DEC Vax database systems such as Bloom and Harvest. He has specialized in SQL engines for more than two decades, with a primary focus on Microsoft SQL Server. Ben has worked with small and large databases for both OLAP and OLTP working on systems for many industries such as Medical (Medical Claims and Eligibility Warehouse, HMO Provider Management, Enrollment), Financial (credit card processing, mortgage, stock portfolio management), Manufacturing (Assembly Line and Product Assemblies), Sales, Auto Auctions and more.