3

I just started working with SQL and now what I need is to make a database for my C# application which will save user names and passwords. Think of it like a password reminder.

Anyway, what I think I need to do is: I need to create a SQL database which will the application only use to save data. It should not need SQL Server to be installed on the machine.

I searched over the internet but no result, all of them require the use of SQL Server, please could you just provide me the steps to do so, or any resource and thanks a lot.

klashar
  • 2,519
  • 2
  • 28
  • 38
R.Vector
  • 1,669
  • 9
  • 33
  • 41

6 Answers6

10

You need to decide how you want to save your data. You can save the data in an XML file, a plain text file, or anything else.

The reason you're seeing so many examples of people using SQL is because relational databases have already solved a lot of the issues you're likely to run into when storing and retrieving data. That means in most cases, it's much easier to use an SQL database (even a lightweight embedded one) than to try to come up with your own library for retrieving and saving data.

A note about saving passwords

Bear in mind that any data you save on a client's computer is going to be accessible to that client. You can use tricks to make it very difficult for someone to get to that data, but there's nothing your program can do that a clever hacker won't be able to mimic. The only way to avoid letting users see the stored passwords would be to make the user provide a "master" password that gets converted into a key that is used to encrypt the other passwords. This way, only users that know this master password would still be able to get the stored data.

Storing data in a relational database is not sufficient to prevent users from accessing that data.

Community
  • 1
  • 1
StriplingWarrior
  • 151,543
  • 27
  • 246
  • 315
  • i need a databse , data should not be visible to anyone like plain or xml , my database will have only 1 table , so there is no relation on it . i could create a database file [.mdf] and create a table and use C# to alter the table by inserting or editing existing data . but is these are the right steps ? and also would the user require something extra like sql server to be installed on his machine ? – R.Vector Dec 09 '11 at 19:52
  • @R.Vector: A "database" is a loosely-defined term. Technically, a handful of XML files could easily fit that description. Are you saying you need a relational database? If so, why are you against the idea of using SQL? If you just don't want to install SQL Server, see the other posts and comments for examples of lightweight, embedded SQL databases that you could easily package as a part of your distributable. – StriplingWarrior Dec 09 '11 at 19:57
  • 1
    How does "having a database" solve the "data should not be visible to anyone" problem? – Michael Paulukonis Dec 09 '11 at 19:57
  • A database doesn't make your data any less visible than text or xml files. A database (.mdf file is part of that) requires database services. The easiest way to get these are installing a database product, such as SQL server. Otherwise, you will be reinventing a lot of the (database) wheel. (Did you look at some of the smaller SQL server editions? Compact and Express?) – Jamie F Dec 09 '11 at 19:58
  • @Michael Paulukonis : i mean it is hard to see the database`s data if your sql database is encrypted with a username and password . this what i mean . – R.Vector Dec 09 '11 at 20:01
  • my friend used some kind of sql.dll file which redistribute the sqlserver so the client never have to install any SQL product . – R.Vector Dec 09 '11 at 20:02
  • 2
    @R.Vector: If your database is encrypted, but the username and password are known to your program, then it can be decrypted by someone who knows what they're doing. If it's encrypted with a password that the current user must enter in order to access the data, that would work. But you can do the same thing to encrypt data you store in a plain text file. There are many good reasons to use an RDB, but making your data invisible to the client is not one of them. – StriplingWarrior Dec 09 '11 at 20:08
2

You could use SQL Compact ( http://msdn.microsoft.com/en-us/data/ff687142 ) to avoid installing SQL Server.

You could also go for sqlite.org.

Christian Horsdal
  • 4,914
  • 23
  • 24
2

Your requirements of "I want a database" and "I don't want [database]-server" are difficult to match.

If you have a database without a database-server, you have a lump of in-accessible data.

If you want to use a SQL database, you will need a SQL server. Or, you will have to re-implement one in order to use the database.

There are a number of small, open-source SQL servers available. I've worked with HSQL.

you might want to take a look at the SO question SQL-lite vs HSQL-db.

Community
  • 1
  • 1
Michael Paulukonis
  • 9,020
  • 5
  • 48
  • 68
2

If all you want is one file that can't be read easily, try encrypting the data, and use either text or XML files for storage.

Michael Paulukonis
  • 9,020
  • 5
  • 48
  • 68
1

You do need a database to be installed on your computer if you want to use SQL to query the data. It need not be SQL Server, but definitely some kind of database. You can download MySQL, Sql Server Express or any of the free database products available out there.

Once you have that up and running, querying the database from c# is fairly simple and it may be easier for you to follow this tutorial, with has similar functionality to what you need.

Icarus
  • 63,293
  • 14
  • 100
  • 115
1

You could always use a CSV (Comma Separated Value) file as your "database" I found a link that could help you with this Query CSV using LINQ C# 2010

EDIT: When it comes to security, you can always use something like MD5. It can turn a password into a an irreversible hash. This way no one will ever be able to see others passwords

Community
  • 1
  • 1
Chillie
  • 1,030
  • 10
  • 28