Sql-server – How to prevent the clients viewing the database definition when it is installed on their server

access-controlpermissionssql server

I want to give my database to the client to install on their server.

However, I want to deny the client rights to see the tables and stored procedures and also want to restrict that database to run from a single IP address.

How do I stop the user viewing the database tables even though database is present on their server?

We want to give the application to run on their own servers, but we don't want to show the tables and stored procedures. They are also not supposed to make any modifications to the database. Is this possible?

Perhaps can we encrypt database credentials in the web.config file?

Best Answer

Short Answer: you can't.

If the database is being run on the customer's infrastructure, then the customer must have control over their own infrastructure. Without it, they cannot operate.

If you really don't want them to have that control, then you cannot give them the database. This is the "Software-as-a-Service" Operating Model wherein you licence the application but don't get to play with the "back-end" of things.

I would suggest that this is not a Technical problem. It's a Licencing one.

I assume that the licence agreement for your software includes a provision that prevents any Customer from "Reverse Engineering" any part of your product. That clause should be extended to include your database.

Any "mucking about" with the database should invalidate [at least] your support agreement with that Customer. If they want to take that Risk, well, that's up to them.