0

Well, I am currently developing an application where different users can login using their email. The application will save the mail details (sender, message, receiver, attachment, etc) to the database.

My problem is, I don't want the user to have access to the database when using sql server management studio (maybe some techie users would open their sql and edit the the message there, so yea.. I needed some security for the app.).

My solution is i have to set a username/password to the DATABASE only. Is this even possible? OR maybe you can suggest me some ways where the user can't access the sql management studio?

-the application will be deployed on different computers with different servers at different places. Like a standalone app.

hehe. Sorry if my question isn't making any sense, this is my first project on a company so I don't really have that much knowledge yet regarding these things :)

Improve this question

1 Answer 1

Reset to default
1

Any login credentials that your app can use, the user can extract using a decompiler.

You should create a separate DB user for the app that doesn't have write access to things you don't want users to change.

Improve this answer
Sign up to request clarification or add additional context in comments.

6 Comments

thank you for your reply :D technet.microsoft.com/en-us/library/ms189522.aspx I was reading this post, is this what you were suggesting? I don't know how to integrate it with the app yet but I'll get back here as soon as I get it right :)
thanks, hmm.. I guess that the link you gave me would require me to go the place where the app is supposed to be installed? I mean, I'm from philippines and then if the user is from canada do I have to configure it manually for them?
@Codemunkeee: No; you just create a login in your database (in SQL server), then change the app to use that login.
OK thanks! I'll try it out and mark this as solved as soon as I got this.
sir, I have already set a password for my database! Thanks! However, I can still attach the database and see the data when using sql server management studio. Is there any other way the user "would not be able to attach / prompt a username and password" before attaching the database?
|

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.