问题
I have designed a software using SqlLocalDb v11.0 instance. The database will be on user's machine (.mdf file). I was using SQL Server CE before.
In SQL Server CE my database is protected by a password with "Encryption Mode = Engine Default"
Is there any way to protect SqlLocalDB?
I know there is a way using named instances, as in the link https://msdn.microsoft.com/en-us/library/hh510202(v=sql.110).aspx
Is there any way to associate password with LocalDB .mdf file. So that any other can not open it?
回答1:
If you mean protecting files from user, I think the answer is No, you can't. a user can copy your files simply.
LocalDB always runs under the users security context; that is, LocalDB never runs with credentials from the local Administrator’s group. This means that all database files used by a LocalDB instance must be accessible using the owning user’s Windows account, without considering membership in the local Administrators group.
For more information see Permissions section in SQL Server 2012 Express LocalDB
I believe you have the option to encrypt and decrypt data using .Net Framework and TSQL methods, but you can't protect your database objects using database encryption options since TDE (Transparent Data Encryption) is not supported by LocalDB.
回答2:
If you are willing to consider a third party product that may help you (there may be others) you may want to look at NetLib Encryptionizer. It it similar to SQL Server TDE but works on all versions and editions of SQL Server, including Express and LocalDB. Typically used by application developers. However it works differently than SQL's built-in TDE. SQL TDE is (obviously) built into SQL Server and encrypts on the page level. Encryptionizer sits between SQL and the operating system and encrypts on the file level.
There is another product, DBEncrypt I believe, but I am not sure about supporting LocalDB. It works by injecting code into the running SQL process.
(Disclaimer: I am from NetLib Security).
来源:https://stackoverflow.com/questions/32973509/how-to-protect-sqllocaldb-database-file-with-custom-password