I had been requested to create a database and it is GUI frontend for many non-profit organization I'm person in.
Your decision ended up being to use .Internet when i know C# fariy good and writing GUI isn't very difficult. I regarded applying local SQL Server database (when i labored earlier with MySQL) and fasten into it via SqlClient interface. However I uncover some problem:
Machine with database installed is public. Even account that database could be utilized is freely available. So so far as I understand anybody who'll bring portable MS Access would obtain a free use of data saved in database. Possibly I'm wrong and you'll be able to secure database with password independent from user account. But I'm not sure how to achieve that (I don't have MS Access, only fundamental Office and Visual Studio Express).
Or if it's impossible, what's the easiest method to replace SQL Server database?
When the database files are available to anybody, then anybody can just remove them. File encryption will not prevent that.
With that said, if you cannot make use of the file system to create the database files themselves secure, then you will need to use database file encryption. SQL Server does support this.
Have you thought about SQLite? There's b .Internet library for this, and installation/setup are extremely easy. It runs being an "embedded" database, so it might be yet another DLL and computer file for the application.
File encryption does exists for SQLite, however i haven't used which include and so i cannot personally recommend it.
Simply because the equipment is public does not mean the information is freely accessible. You have to investigate security on MS-SQL. You are able to limit use of databases, specific tables, and saved methods on the user by user level, or on the group level.
You might want to take a look at SQL Express. It's free and light-weight. It doesn't have full functionalities of the fully licensed SQL Server, however it most likely has the thing you need.
As multiple people have stated, when the database files are public then your information is public. File encryption won't assist you to. Switching to SQLite won't help make the database files non-public.
One method to do that would be to store your database on the private server and expose the information via a public API via Cleaning soap, Relaxation, web services or such. The GUI front-finish will be sending demands towards the private server and display the outcomes.
Think about making the applying an internet application the GUI front-finish becomes an regular internet browser.
In case your database needs aren't overweight, you could utilize sqlite. It does not possess a 'server' and does not require authentication. It might reside on a single machine as the actual application like a file.
Presuming the particular machine which you take your application (instead of the general public machine which the db runs) does not have public accounts, it ought to be fairly safe.
When the file system should be available to anybody, then you will want to secure the database. Individuals who suggest establishing customers with limited access are wrong this will not prevent someone from simply opening the files and peeking in the data. The logins for SQL server don't safeguard you against someone simply opening the actual documents in notepad. They aren't clear to see, although not encoded.
SQL Server does be capable of encrpyt the information files -- see databasejournal.com -- however i wouldn't recommend it.
If you're able to, turn to acquiring the equipment using standard Home windows file security. Then make certain that you simply deny read permissions to those files to each user except the main one running SQL Server -- usually local system or network user, IIRC.