locked
Security RRS feed

  • Question

  • I understand the concept of MSF and having data on the local user machine helps for developing a smart client application. But if the data is being stored in the local machine in SQL Server Compact edition, then how secure is the data?

     

    For example the user can take their laptop home and if there is sensitive information in some of the database tables, what prevents them from accessing that data? What if they copy the Compact database to their personal home computer?

     

    Another example is if a laptop is lost or stolen. If the person is somehow able to get into the machine, what prevents them from accessing the information.

     

    As you can imagine, sales people will have all their contact information available offline which is the bread and butter for a corporation. If that information is lost or stolen, that can have a great impact on business.

     

    Thanks,

    Gaurav Bhasin

    • Moved by Max Wang_1983 Thursday, April 21, 2011 10:19 PM forum consolidation (From:SyncFx - Technical Discussion [ReadOnly])
    Thursday, November 8, 2007 4:24 PM

Answers

  • Hi Gaurav,

     

    The SQL Server Compact Edition database engine provides two features for securing local databases on the supported devices:

    • Password-protecting SQL Server Compact Edition databases
    • Encrypting SQL Server Compact Edition databases

    I believe a combination of the two options will enable you to secure the data so that you can:

    • Stops users from accessing data unless they are authenticated (e.g., in the case the device is stolen or a user somehow manages to get on the machine)
    • Stops users from simply opening the database file in an editor to view the data

    There is some more information on these features here:

    http://technet.microsoft.com/en-us/library/ms171955.aspx

     

    Liam

    Thursday, November 8, 2007 6:15 PM

All replies

  • Hi Gaurav,

     

    The SQL Server Compact Edition database engine provides two features for securing local databases on the supported devices:

    • Password-protecting SQL Server Compact Edition databases
    • Encrypting SQL Server Compact Edition databases

    I believe a combination of the two options will enable you to secure the data so that you can:

    • Stops users from accessing data unless they are authenticated (e.g., in the case the device is stolen or a user somehow manages to get on the machine)
    • Stops users from simply opening the database file in an editor to view the data

    There is some more information on these features here:

    http://technet.microsoft.com/en-us/library/ms171955.aspx

     

    Liam

    Thursday, November 8, 2007 6:15 PM
  • But, there is a posibility to do not trasmit this data to devices? Where I can put the logic for doit?

    Thaks.

    Wednesday, December 12, 2007 5:59 PM
  • Hi tinchods,

     

    Can you expand a little on what you mean by "do not transmit this data to devices"?  Are you saying, if the device is stolen that you want to stop downloading data to that device?

     

    Liam

    Wednesday, December 12, 2007 6:47 PM
  • Hi Tinchods,

     

    If it is the security of the device you are worried about if stolen, the best way forward would be to use the Microsoft.WindowsMobile.PocketOutlook assembly to monitor the inbox for either e-mail or SMS. You can set up a function in the local software that once an SMS from a certain recipient with a certain "code word" inside the body appears you can delete all the data from the local database. The same can work for e-mail too if the mobile device is not a phone but simply a PDA than can receive email.

     

    Hope this helps?

     

    Lewis

     

    Tuesday, January 1, 2008 2:18 PM