Matt
I have been searching around for quite a while now, trying to figure out
how to securely connect a Windows Forms application to an instance of
SQL Server 2005. I have looked through SQL Server Books Online, Visual
Studio's online help, and searched through newsgroups, forums, and
anything else I could think of, to no avail.
The problem is as follows:
If I use SQL Server Authentication (i.e., username/password) to log into
the server, these values are stored as plain-text in the application
configuration file, which an end-user could simply open with notepad. I
have not seen any effective way to handle encrypting this file for
Windows Forms (though there appear to be methods that work under ASP.NET).
If, instead, I use Windows Authentication, I have to give all users the
necessary read/write access to perform the functions of the application.
This means that any user smart enough to download and run SQL Management
Studio Express can fool around in the database directly.
I have been pointed a couple times to look into Application Roles in SQL
Server. I understand completely how to implement these within the
context of SQL Server itself, but have not been able to find any method
of integrating them into the Visual Studio development environment. Is
there some simple way of telling my application to always connect and
register itself to a given application role?
On another note, am I even approaching this in the correct manner? Is
there some other simple method for handling all of the security issues?
Thanks,
Matt
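
An added example, not part of the original post: one way an application can connect with Windows Authentication and then register itself to an application role, so that database users need only the right to connect while table permissions are granted to the role. The server, database, role and class names are hypothetical, and the role password is still a secret the application has to obtain; here the caller passes it in.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

// Hypothetical names: server "DBSERVER", database "AppDb", role "app_role".
// None of these come from the original post.
static class AppRoleConnection
{
    const string ConnStr =
        "Data Source=DBSERVER;Initial Catalog=AppDb;Integrated Security=SSPI";

    // Opens a Windows-authenticated connection and switches it to the
    // application role. Returns the cookie needed to revert later.
    public static SqlConnection Open(string rolePassword, out byte[] cookie)
    {
        SqlConnection conn = new SqlConnection(ConnStr);
        conn.Open();
        try
        {
            using (SqlCommand cmd = new SqlCommand("sp_setapprole", conn))
            {
                cmd.CommandType = CommandType.StoredProcedure;
                cmd.Parameters.AddWithValue("@rolename", "app_role");
                cmd.Parameters.AddWithValue("@password", rolePassword);
                cmd.Parameters.AddWithValue("@fCreateCookie", true);
                SqlParameter c = cmd.Parameters.Add("@cookie", SqlDbType.VarBinary, 8000);
                c.Direction = ParameterDirection.Output;
                cmd.ExecuteNonQuery();
                cookie = (byte[])c.Value;
            }
            return conn;
        }
        catch { conn.Dispose(); throw; }
    }

    // Reverts to the user's own context before disposing, so a pooled
    // connection is not handed back still running as the application role.
    public static void Close(SqlConnection conn, byte[] cookie)
    {
        using (conn)
        using (SqlCommand cmd = new SqlCommand("sp_unsetapprole", conn))
        {
            cmd.CommandType = CommandType.StoredProcedure;
            cmd.Parameters.Add("@cookie", SqlDbType.VarBinary, 8000).Value = cookie;
            cmd.ExecuteNonQuery();
        }
    }
}
```

Every query the application runs goes between `Open` and `Close`; a user who connects directly with another tool gets only their own (connect-only) permissions because they cannot activate the role without its password.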