  1. #1
    Join Date
    Feb 2004
    Location
    Cornwall UK
    Posts
    144

    A question about C#/ASP/SQL Server Master Password

    I am working on a SQL server online database that uses C# and ASP.NET on the frontend.

    The system interfaces with hardware modems, gets readings from the modems (C#) then stores the readings on the SQL server to be downloaded by a Client app at a later date.
    I also use ASP webforms to view reports.

    I need to write a remote administration section preferably C#/ASP webform.

    The system is to be distributed in different countries, the local distributor needs total Administration control over the database tables using a standard method of usernames/passwords. This isn't the problem.

    The problem is the Company I work for want a back door into the system to check statistics and progress at any time. If I use a standard method of passwords, the company we are leasing the software to could change them (or change the code used to verify them). We need an absolute method of getting access to the SQL server tables that cannot be disabled or changed.

    Any ideas?

  2. #2
    Join Date
    Feb 2005
    Location
    "The Capital"
    Posts
    5,306

    Re: A question about C#/ASP/SQL Server Master Password

    Windows authentication for the database should be helpful?

    There are various levels of database access rights. You might want to explore more into those. There are various levels to which you can manage permissioning for various users... db level, table level, column level and with a little effort even row level...

    But why would you want a back door?

    EDIT - Here is an interesting read (SQL Server 2005) - Implementing Row- and Cell-Level Security
    Last edited by exterminator; August 8th, 2006 at 05:52 AM.
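
The permission levels mentioned in post #2, sketched as an added T-SQL example (not code from any poster in this thread): a Windows-authenticated, read-only role with database-, table- and column-level rights, followed by a query the database owner can run to see exactly what the role is allowed to do. The database, table, column and Windows group names are hypothetical.

```sql
-- Added example. TankReadings, dbo.Readings, dbo.ModemStatus, the column
-- names and the VENDOR\StatsAuditors group are hypothetical placeholders.
USE TankReadings;
GO

-- Windows authentication: access follows a domain group, so there is no
-- shared password stored in the application or the database.
CREATE LOGIN [VENDOR\StatsAuditors] FROM WINDOWS;
GO
CREATE USER StatsAuditors FOR LOGIN [VENDOR\StatsAuditors];
GO

-- Permissions hang off a role so they can be reviewed in one place.
CREATE ROLE vendor_stats_reader;
GO
EXEC sp_addrolemember 'vendor_stats_reader', 'StatsAuditors';
GO

-- Database level: the role can never modify data or run procedures.
DENY INSERT, UPDATE, DELETE, EXECUTE TO vendor_stats_reader;

-- Table level: the whole status table is readable.
GRANT SELECT ON dbo.ModemStatus TO vendor_stats_reader;

-- Column level: only the columns needed to count readings and traffic.
GRANT SELECT ON dbo.Readings (ReadingId, ModemId, ReadingTime)
    TO vendor_stats_reader;
GO

-- Review: list every permission the role holds, down to column level.
SELECT pr.name                              AS principal_name,
       pe.state_desc,                       -- GRANT or DENY
       pe.permission_name,
       pe.class_desc,                       -- DATABASE or OBJECT_OR_COLUMN
       OBJECT_NAME(pe.major_id)             AS object_name,
       COL_NAME(pe.major_id, pe.minor_id)   AS column_name
FROM sys.database_permissions AS pe
JOIN sys.database_principals  AS pr
  ON pr.principal_id = pe.grantee_principal_id
WHERE pr.name = 'vendor_stats_reader'
ORDER BY pe.class_desc, object_name, column_name;
```

Because the role is an ordinary database principal, whoever administers the server can see, audit and revoke it, which fits the contractual-access approach suggested later in the thread.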

  3. #3
    Join Date
    Feb 2004
    Location
    Cornwall UK
    Posts
    144

    Re: A question about C#/ASP/SQL Server Master Password

    Hi, basically the system will be used by a third party company (i.e. a company in America and a company in Ireland); they will be using the information the server collects to bill people.

    We need to always be able to get access to the data they are working with to see how much money they are making and how they are managing the system.

    The problem is we will be passing the responsibility of the management of the database to the clients (especially the case of the American client, they will source a server farm and install the system using an installshield we create).

    This means if they are clever enough they could change the code or passwords to lock us out. It's kinda catch-22, we will give them the entire system including the C# script and ASP code but still want some kind of method of overall control. Maybe a software dongle of sorts?

  4. #4

    Re: A question about C#/ASP/SQL Server Master Password

    If you are giving them the full source code, they would be able to modify it anyway, so they could always take out your back door. It is also worth noting that from a security point of view, any system which the potential attacker (in this case your clients) has full physical access to is effectively compromised, unless all the data is encrypted and they don't have the key, which I don't think is possible in this situation.

    Also, I think there could be major legal and security issues with your idea which you may need to address before spending too much time on the technical side (e.g. implications if your backdoor password is compromised and do you have any right to see how much money a third party company is making).

  5. #5
    Join Date
    Feb 2004
    Location
    Cornwall UK
    Posts
    144

    Re: A question about C#/ASP/SQL Server Master Password

    The system will be leased and in the terms and conditions it will state the system belongs to my employers, so we will always have the right to snoop around.

    There is no data protected info, it's just a bunch of numbers (oil tank readings), we need to know the number of readings so we know the amount of traffic the server has had.

    I agree about the password, this will require some thinking.

    Can we not compile the C# scripts to an EXE? Instead of several C# files that are uncompiled, that way the data can't be changed, it will contain all the important data about relationships between tables and the connection protocols.

    Or am I just pissing in the wind?

  6. #6

    Re: A question about C#/ASP/SQL Server Master Password

    If it's going to be written into the terms and conditions that they provide you with access then you shouldn't really need a back door, if they deny you access to data which they are contractually obliged to provide then you could take (or at least threaten) them with some kind of legal action or termination of support. I would see no reason for them to deny you access to the data if it is not protected/sensitive anyway (I'm kind of guessing now that you want to use this data for improving future versions/bug tracking uses). In my opinion this would be a better route than adding a back door to your program, which is bad practice and leaves you open to prosecution if it becomes compromised.

    As for not supplying code, you can easily just supply the compiled application - I would recommend this anyway unless you specifically want them to be able to maintain the source code themselves. You should look into Obfuscation however, as .NET applications can easily be decompiled.

  7. #7
    Join Date
    Feb 2004
    Location
    Cornwall UK
    Posts
    144

    Resolved Re: A question about C#/ASP/SQL Server Master Password

    OK, thanks for the advice, you gave me some stuff to think about.
