Deploy windows form with local database (anyone can access see my database files)

tondar1369

New member
Joined
Jun 21, 2016
Messages
3
Programming Experience
3-5
Hello, i have finished developing a c# code for a software, and it is time to make a setup for it ( using "Setup and Deployment" project of visual studio ) and publish it to the users to install and use the software. this software uses files of DLLs, database files (mdf,ldf) and some other (.exe, .exe.config, .exe.manifest and .pdb)... in the setup project of this software i need to put the required files to be installed on users pc... so i put all the files in debug folder (or release folder including database files mdf and ldf)... the problem is that anyone who has installed this application, can see my MDF and LDF database files and can easily attach it to a sql server and find out how my tables were designed and what are my records.
Please help me with these questions that i need the most :


  • 1)how could i prevent users from seeing these source files?
  • 2)is this way of publishing (put every thing in debug or release folder for installation of end user) correct?
  • 3)should i directly put MDF and LDF files or have to do a some work of securing them like compiling into irreversible format that only application can use it not anyone else?
  • 4)should i do something in the process of creation of database in visual studio to prevent any one accessing it except software itself?
  • 5)am i missing a concept in the way of publishing an application with local database?


P.S:
application is developed by C# windows form using visual studio .net 2013 (.NET 4.5)
Setup project is used by "Setup and Deployment" of visual studio
Application is using local database by visual studio
This is my first time of publishing an actual software sorry for any lack of information

Thanks for your help
 
Last edited:
Is there a particular issue with people seeing your database design? There may be some reason that you'd want to restrict access to some or all data but preventing people seeing the table design seems rather over the top.
 
Is there a particular issue with people seeing your database design? There may be some reason that you'd want to restrict access to some or all data but preventing people seeing the table design seems rather over the top.

Thanks for the reply.
am i being obsessed with database security?
its a simple table design with some db stored-procedures.
should i leave it be and dont care about the security?
coz this is my first time and im not sure its important to secure it or not.

thanks
 
It does sound like you're being a bit over-cautious. Generally speaking, it really doesn't matter that a user can see your database schema and, more often than not, it doesn't even matter that they can see the data. What are they going to be able to do with that information that they shouldn't? There are obviously some times that some data exists that a user should not be able to see and it's often undesirable that they edit data directly in the database because they may create a state that your application is not expecting. Even then though, it's their data and if the application breaks then it's only themselves that they're hurting so it's not the end of the world.
 
Back
Top Bottom