Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Need Solution for SQL Server

Posted on 2009-06-29
13
Medium Priority
?
245 Views
Last Modified: 2012-05-07
I developed an internet application that is being hosted.  A couple of companies have approached us in regards to utilizing the application but want to utilize it on their intranet instead of the internet.  Our SQL server has  proprietary information that we do not want customers to see.  

Any ideas how I can put on their server and not allow them access to the dbase?
0
Comment
Question by:CipherIS
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 3
  • +2
13 Comments
 
LVL 38

Expert Comment

by:Jim P.
ID: 24737059
>> Our SQL server has  proprietary information that we do not ...


When you say proprietary information are you referring to stored procedures and how your system operates?

Could you compile the sp's into DLL's and then make them xp_MyProc?
0
 
LVL 1

Author Comment

by:CipherIS
ID: 24737257
No we cant.  Yes the stored procedures, table structures, etc....  We want to prevent any reverse engineering.
0
 
LVL 38

Expert Comment

by:Jim P.
ID: 24737462
There is really no way to do it. Especially once it at the remote site.

SQL Server has to have a database owner that is local and can't be prevented from seeing the structure and data in the tables.
0
Prepare for your VMware VCP6-DCV exam.

Josh Coen and Jason Langer have prepared the latest edition of VCP study guide. Both authors have been working in the IT field for more than a decade, and both hold VMware certifications. This 163-page guide covers all 10 of the exam blueprint sections.

 
LVL 22

Expert Comment

by:8080_Diver
ID: 24737551
AS has already been pointed out, having it on a local intranet is going to, basically, require exposing the database.  The only solution that I can come up with is to, in effect, host the database locally instead of on the internet.
In other words, suppose you set up a server and the database on site but retain full control over and the only non-programmatic access to the database and server.  (Of course, you would need to escrow  the SA name/password, etc., in case you and your company get squashed on the freeway. ;-)  The idea being that you will maintain the server and the database via remote connections but it will be, "in-house" and on their intranet for all practical purposes.  
Of course, since you will have additional expenses involved in dealing with the remote locations for the servers and databases, you will need to charge a bit more for the services but, if the companies are that paranoid, they will probably pay for it.  If they opt not to and, instead, opt for the secure internet rather than intranetoption, then you aren't out any more trouble than preparing the proposal. ;-)
0
 
LVL 1

Author Comment

by:CipherIS
ID: 24737896
Let me try to be a little more clear.  We have an internet site which will still be available for customers.

It is the customers who want an intranet solution that we are trying to address.  They will not use our functioning internet site.  We need to implement our code and dbase on their intranet.  We can take care of the code.  The issue is SQL Server.  We do not want them to have internal access to it if it is on their site.
0
 
LVL 6

Expert Comment

by:PIERCGG
ID: 24738008
I would think that as long as you did not provide them with a Windows login nor a SQL login that they shouldn't be able to Connect the the dbs to see them?
0
 
LVL 6

Expert Comment

by:PIERCGG
ID: 24738050
Additionally, if you provided even 1 user to have a SQL login, the DENY option in the permissions is a very powerful limiting option to keep people out of what you don't want them to see.  But first, I simply wouldn't give them any credentials to connect in the first place.  Let your code access the dbs only using a SQL login which SHOULD BE encrypted in your code or in the config file for the code.  Then just don't ever give those credentials to your customer either.
0
 
LVL 38

Accepted Solution

by:
Jim P. earned 2000 total points
ID: 24738306
>> We do not want them to have internal access to it if it is on their site.

Unless you deploy it as an appliance -- pre-installed SQL Server and web interface on your own server that is running at their site -- there is simply no way to do it.

The issue is the SQL Server will integrate to Windows server. And even then if you control all the passwords and such that go into the SQL Server Services, all someone has to do is shut down the SQL Server services, copy  the mdf/ldf files to another SQL Server and attach them. Then they have the DB.
0
 
LVL 27

Expert Comment

by:Chris Luttrell
ID: 24738457
have you looked into the WITH ENCRYPTION options of stored procedures, functions, views, and triggers?  that will let them work but not be viewable or editable.
0
 
LVL 22

Expert Comment

by:8080_Diver
ID: 24738538
@CipherIS
Let me try to be a little more clear.  We have an internet site which will still be available for customers.
That was not precluded by my recommendation.  
To restate as briefly as possible:
  1. Install the Database on a server at the customer location;
  2. Do not provide any logins to the customer;
  3. Only allow access to the database's data via the application which has the only "local" access to the database;
  4. You and/or your company will have maintain the server and database via remoteing into the box (which, of course, will mean that the custoemr wll need to provide you with the necessary access through their firewalls, etc.).
Thus, you maintain your security on your database and the customer maintains their security on thier world.
Whether or not you have a version of the database set up on one or more local sites in this manner has zero impact on your internet site . . . although it does somewhat complicate the application and database maintenance.
0
 
LVL 6

Expert Comment

by:PIERCGG
ID: 24738576
However, if the customer is tech-savvy or hires someone who is, then what jimpen stated would seem to be true.
0
 
LVL 1

Author Closing Comment

by:CipherIS
ID: 31597971
Thx
0
 
LVL 38

Expert Comment

by:Jim P.
ID: 24738938
Glad to be of assistance. May all your days get brighter and brighter.
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Ever needed a SQL 2008 Database replicated/mirrored/log shipped on another server but you can't take the downtime inflicted by initial snapshot or disconnect while T-logs are restored or mirror applied? You can use SQL Server Initialize from Backup…
In the first part of this tutorial we will cover the prerequisites for installing SQL Server vNext on Linux.
Familiarize people with the process of utilizing SQL Server functions from within Microsoft Access. Microsoft Access is a very powerful client/server development tool. One of the SQL Server objects that you can interact with from within Microsoft Ac…
Viewers will learn how to use the INSERT statement to insert data into their tables. It will also introduce the NULL statement, to show them what happens when no value is giving for any given column.

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question