If I understand you correctly, the situation is such that it's ok for me (as
the end user) to see the data as long as I go through your program but if I
try to access (no pun intended) the data outside of your program then that's
what needs to be prevented? If this is the case, then I don't think there's
any way possible to secure it, and no, I don't mean in the sense that I
could hack it. If I'm the end user and even one person in my company has
access to view the data, and my goal is to copy that data and sell it as my
own, even your current security scheme wouldn't stop me- b/c I could hire a
few interns or temp workers to use your app to enter data into my
application. However assume that somehow this is a fact you can live with.
As far as encryption goes though... I've done way too much in my career,
particular for the dept of defense where everything sensitive was
enrypted/hashed and obscured to but that this isn't viable. Assuming that
your case is the statistical anomaly, then you'd still have to agree that
for most other cases/companies that had the same requirements you did - that
it would be viable. When you say that encryption is too expensive in terms
of performance, that's saying a lot and such a generalization is almost
inconceivable. I'll accept for the sake of argument that your case is so
rare because of some totally unique business rules but this is such a rarity
that for most everyone else, it's not applicable. Where exactly is the hit
that you're suffering?
If you are querying values in the DB that are encrypted than certainly most
indexing strategies won't work. But you don't have to encrypt every field
in the table, only ones with the sensitive data. So you can index other
fields and take advantage of that to speed your queries. The fact that I
know Column1 has a value of 222 tells me nothing about any of the other
fields in that record (assuming it was a sequence/identity/autoincrement).
Using strategies like this can easily address the query times. You can
also use hashed values, lighter encryption routines etc for some of the
columns but not others. By carefully analyzing your data and taking
advantage both symmetric ciphers an assymetric ciphers, you can honestly
reduce the impact on performance - And since you can do a LOT with Sql
Server or Oracle in terms of hardware power, you can more than offset the
performance hit you're taking by encrypting the data. Honestly, if you have
a 2 processor itanium server with 4 gigs of ram (which is still very
affordable) on the low end, and you are careful about what you encrypt or
hash and how you do it, you could definitely get better performance there
than what many people with ultra low end servers are getting with totally
unencrypted data.
Also, with Sql Server you can use SQL DMO and encrypt your stored procedures
to add an additional layer of protection by not exposing your sql
statements. I'm not sure about Oracle in this regard but somehow I can't
imagine that Oracle would have overlooked functionality like this.
In order for me to 'prove' that it's doable, I'd need to see what the
current baseline is, but 'encrypting' data is very vague. Certainly I can
imagine doing it in such a way that performance would be nightmarish. But
I've worked on two systems with the DOD that were running Sql Server 2000
where just about everything other than lookup tables was encrypted and
there's no way you'd know the difference as an end user b/c the efficiency
and elegance of how they chose to implement this, bolstered by some decent
servers (although as far as hardware went, they were nowhere near the
horsepower of what I've seen in a typical brokerage firm). Many of the
tables that were used were well over 20 million records and a few of them
topped 700 million records and perhaps your system is notably larger than
that in terms of records, but like I said, there was still a lot of room for
performance increases in terms of hardware.
----------------------------------
If you're honestly really in need of a solution for this , I'd be more than
willing to talk to you offline about it and show you some of the ways that
the systems I mentioned above accomplished what they did. Performance was
very important and as far as end users went, there were seldom complaints
about the responsiveness of the applications or the db. Being a military
installation - Security was absolutely critical and in most instances, the
encryption that was used was much stronger/heavier than what the civilian
world has access to - but the flip side of that was that it was even less
performant than commercial grade algorithms like TripleDes - so if you
implemented anything lighter - you'd get even better performance. Finally,
in these two situations, point in time restore capability was almost as
critical as security and more critical than performance so using a RDBMS
with backup and restore ability was a must as well. Most of it was done
with Sql Server although the second system using both Oracle 9i and Sql
Server 2000 extensively (I know this probably sounds dumb - using both dbs
on the same application but that was done to fulfill other security
requirements so that if one of them was compromised, the other one could
fill in the void - well, there's a little more to it than that but you get
the idea.). Anyway, I'd be glad to share some of strategies that were used
(obviously I can't get too specific but since you're only dealing with
commerical grade encryption anyway, that won't be a problem) and point you
in the direction to we used to get there.) Also, above I may have seemed a
bit abrupt or rude - if so, it's just my clumsiness as a writer - I
certainly didn't mean to come off that way if I did..
Cheers,
Bill
m.posseth said:
Hello Ryan ,,,
Well untill sofar i did not find a free solution that can counterpart with
what Access can give me out of the box
i am aware of the security modell of SQL server ( we do use SQL server
enterprise for our web projects ) and that is exactly our problem
i work for a companny who sells data ,, we collect data of Automotive
parts wich oil filter will fit on wich car etc etc etc this is expensive
information
then we create a nice gui around this database and sell it to automotive
parts importers throughout Europe ,,, they give this program on DVD to
local workshops ( only in germany already 6000 )
So you understand that collecting this data is big business, we employ
numerous people who`s job is to find out wich parts fits on wich car ,,,
Maybe you are beginning to understand my problem and for a fact numerous
other developers around the world ???
when the data is the value of your program , and this program is shipped
to an end user ,,, there is not reall alternative as a worgroup Access
database
as i encounter the performance limits of access i really wish it was true
that i can secure my data in such a way that only my program has access to
this data
encrypting all columns in my database would degrade the performance in
such a way that it is unacceptable for the customer ( there is lots of
querying going around in these databases )
the problem is we arre talking about different forms of security
in my situation when the database goes corrupted ,,, so be it,,,, perform
a new installation of the program and the problem is solved
in my context security means securing my data from the concurency ,,,, so
this means that nobody and when is say nobody i also mean administrators
etc etc except my program should have access to the database ( with access
this is possible with MSDE it isn`t )
Okay before we end in a discussion stating that everything can be hacked
,,, ofcourse but untill sofar nobody has our data yet ,,, if it was a open
database what would have happened ???
P.s.
had once a discussion with someboddy that said it was probably due to my
SQL knowledge that i couldn`t secure it ,,, well i asked him to send me a
small demo database that i should not be able to open ,,, received it
atached it with my enterprise manager to my local instance and walla there
was all the data
well that was exactly my nightmare scenario , with a database that i would
have shipped as soposed to be secured
on numerous newsgroups ,, i found lots of developers facing the same
problem
I hope that someone will once comeup with a solution ,, as i said it is
lots of data , so it would be great if i could switch over
regards
Michel Posseth
W.G. Ryan MVP said:
Michael - Not trying to start a flame war, but to say that security is
stronger in Access than Sql Server b/c someone with Admin privileges can
get to the db nutty. If someone has admin privileges and access to a
box, they can get to just about anything. You can definitely permission
sql server strong enough to keep people from seeing what they don't have
permission to. And if people have Admin rights that shouldn't than
there's problems with the permission scheme not the db.At some point,
someone is going to have to have access to the data and whatever scheme
you come up with is only as strong as the how it's enforced - and it
doesn't matter how the data is compromised per se, but that it's
compromised at all.
In your scenario where it's not a problem if the users own there data but
it is if they don't, why not store the data in the Sql Server DB
Encrypted? We do that all the time (in fact we're required to in many
instances).
As far as 50 users concurrently. There are countless numbers of people
that have terrible problems w/ Access when the number is as low as 5.
And unless you can control with certainty, the growth of the user base,
than scalability is a major problem. What if your app needed to support
100 people or a much rigorous load? With Sql Server or any real DB
that'd be laughable and wouldn't require any work at all.
I'm not trying to be argumentative, but the fact that Access can work as
a solution doesn't mean it's a good one, and to claim that it's more
secure is just nuts
m.posseth said:
Well ,,,,,,,
sorry to throw some gassoline on this firy thread
But as far as i know ,,,, ms Access , MSDE and SQL express are all free
for a Visual studio programmer
file security lets me stick to MS Access 2000
MSDE , SQL express , firebird , interbase etc etc all great databases
however they lack one key functionality that keeps me from using it in
my deployable apps
and that is security ,,,,, everyone with admin rights can look in your
database files and see your data , with access you can create a
workgroup file , encrypt the database and only your program can access
the data
This is no problem if your users own the data , in my situation the data
is the core business ( this is were the value of the app is ) so you do
not want to have the concurency steal your data and create there own gui
aropund that data and sell this as there own product
i wish i could switch over to a reall RDBMS as our database files are
growing to gigabytes ,,,, however i must say about access it isn`t so
bad as people are telling here because our products are beeing used by
thousands of users throughout Europe and are even used on server farms
with more as 50 users using the same program ( thus same DB ) however
we are talking about mostly read data with once in a while a price
update
Also the ease to deploy your app with a Access DB,, well ,,, its just
a mather of xcopy and make sure Mdac is installed on the target system
I have once made a deploy package for MSDE and found myself coding in
C++ to get everything how i wanted it ( check if there is already an
instance, naming etc etc ) , i understood that this is now much better
with sql express however now you should investigate Installer technology
as eveything is now in a Merge module that can be customized with these
options ( MSDE had also a MM but this lacked these options )
If i am truly honest ,,,,,,,, i must say that if file security was not
an issue i would probably now use the Firebird DB as it performs superb,
is free and is much easier to deploy , (XCOPY deployable , and it is
multi platform ),, there is even an embedded version , that can be
scaled up to the reall server version . and again i must say that this
hurts me as i am a true MS fanatic
regards
Michel Posseth [MCP]
"Earl" <
[email protected]> schreef in bericht
If the database design is normalized, then it's less likely that size
will become an issue. A non-normalized database will grow
exponentially.
JET ("Access") could be used, as I have in the past for a small system
with less than 10 users, but in time, you will sooner or later hit a
locking issue and/or possible corruption.
As noted by Cor, MSDE is a real bitch to deploy (the cynic in me says
that was by design), so the best "free" choice for a networked solution
would be SQL Express 2005. I'm not sure about the licensing issues in
your scenario.
Otherwise, for a small business, if you don't already have a server
installed and plan to build a small network, you might consider buying
Small Business Server Premium. It comes with SQL Server 2000 Standard.
Hi all
I am planning on writing a stock and accounts program for the family
business, I understand this is likely to take close to 2 years to
accomplish. The stock is likely to run into over a thousand items and
the accounting side will be used for hopefully many years so the
entries are likely to be vast.
The delema is what is best to use ase the DB engine, Access I have as
part of Office 2002 or should I really be looking at SQL server??
What are the pros and cons between the two??
The DB will only be accessed by one client at this time but never more
than 2.
If the choice is SQL Server is there a version available just for
single clients. I remember using MSDE when I did my ASP.Net book can
this be used to create the initial DB???
Thanks for taking the time to read this, any advice would be very
helpfull to me at this planning stage.
