I am wondering how I could protect an Access database in a C# project which will run on computers without internet connection, so a 3-tier-architecture is not applicable. It should not be possible to copy the database or ask for values without using the C# application.
2
-
1Why is a 3-tier architecture not applicable? Just because you are running everything on one machine doesn't remove the need for a 3-tier architecture. You still have a presentation tier, a logic tier and a data access tier. You don't have to have each in a different process or machine.Colin Mackay– Colin Mackay2010-12-02 16:27:22 +00:00Commented Dec 2, 2010 at 16:27
-
I think local access to the data is the issue, rather than the architecture specifically?Tim Barrass– Tim Barrass2010-12-02 16:29:16 +00:00Commented Dec 2, 2010 at 16:29
Add a comment
|
2 Answers
You can password protect an Access database and store the password as a resource, encrypting the value if you like. In your code, you would read the resource (decrypting if necessary) to pass it on the connection string.
1 Comment
Tim Barrass
I'd definitely look at encrypting the password and obfuscating the app code to dissuade the casual hacker, too ..
You could encrypt the contents of the database -- but as soon as you give the data away, encrypted or not, you give someone an easier shot at extracting it. Especially if you put the decryption logic into the app that you deploy alongside it without obfuscating it.
edit: not that encrypting the data is a waste of time; there's a relation between difficulty of decryption and value of the data.
