Hi guys,
I'm planning developping an application in C# that will manage users
profiles, the system will have between 100k-250k users to be managed in a
production environment. I need to store those users profiles into a
database and i'm still searching the right database format. I need the db
to be encrypted, STRONG encryption would be preferable ( something like AES
256, and AES keys secured with RSA 1024+ ) . Also the choosen database must
allow me to filter users on criteria like: "... WHERE Age > 18 AND Age <
21". So this basicly mean that the database must decrypt it's content
before executing the resquest ( or something like that ). The db also need
to be local to the application ( we want to avoid a database server or
something like it ). The last required feature is that we want ONLY our
program to access to this database, the db need to be like a proprietary db,
this is VERY important, we don't want another app that could read or change
users profiles. If the db system could be a file based database ( like MS
Access or something like it, it would be nice ), we want to avoid opening
port like the MSSQL port ( 1433 ) on this PC....
Here's a glimpse of our architecture:
SERVER:
- Local DB
- Our APP ( Which is the local db client, but it's also a server for all
the client on the network ), the app will act like a bridge, all client do
request on our app, and the app check in the database and return the
requested information ( after some bizness logic ).
CLIENT:
Client APP: This app does request to our server, the client
connection is secured with a assymetric encryption ( RSA 1024 )
public/private key exchange to transfer the data.
Note: The client can also be physicly local with the server. Nothing
resttrict the client to be installed on the same PC as the server. In some
case those will be the same PC.
One last thing, this will be a part of a product which will be distribute on
the commercial market later on.... So if the db server could be easily
integrated with our product this would be perfect ( so i'm trying to avoid
MSSQL or ORACLE, or any kind of big server, which require alot of resource
( computer & money ), and the license must allow us to distribute this
engine ( freely or with a reasonnable fee ).
Up to now i've check XML ( using XPATH ) to query, but XML aint encrypted
and loading an XML with 250k profiles takes time ( AND memory ).
Tnx!