I have been assigned to develop a application which is to be deployed in more than 1000 locations. I have some security concern over the database which i am using. I want to ensure the accessibility of database to my application only. Database contains some very sensitive information on database (Freezed Bank A/c Numbers in which fund to be transferred) which is to be kept read only until it allowed by remote server(accessed by me only).
My idea to achieve above is as follows,
- During installation of application, sa password will changed by application and password will be known by application.
- Windows Authentication will be disabled by the application, No windows user will be able to access sql management studio.
Though my concerns are as follows,
- Anybody de-attaches database and attaches in different installation, access of database will be gained by user.
- I have to provide the option take backup of database, user can restore the database in different installation.
- I guess there will be some methods in that ldf-mdf files can be replaced as users is having full file system windows access.
I will not mind if the user gains the read only access to database, but i will strongly insist no write operation should be allowed on database.
Any suggestions how to implement this.
Example : SQLite for .net has some features like encryption of database, which ensures access of database to application, while have full access to file system, But sqlite is not recommended for large scale applications because SQLite only supports a single writer at a time.