Re: Restrict access to SQL database through ODBC

From: Morris Lewis (Morris@Holistech.com)
Date: 06/30/02 

From: "Morris Lewis" <Morris@Holistech.com>
Date: Sun, 30 Jun 2002 01:57:33 -0500

This situation shows one of the limitations of server security in general.
If SS is available on the network and clients know a valid account and
password (their NT account in this case), they can gain access. Application
roles are the only available solution. Since you don't have that option,
you're stuck. Network authentication options like IPsec and Kerberos won't
help you either. Even checking on the application name won't help because
it's just a parameter in the ODBC connection string.

If your application does set the application name, you can set up a profiler
alert that looks for connections which don't have the right application
name. It's not foolproof by any means, but it will help you catch the people
who don't know to put the application name in the connection string.

Sorry I don't have a better solution.

Morris Lewis
MCDBA, MCSD, MCSE+I, MCT, CTT+
President, Holistech Inc

"Chris Goddard" <cjg@exel.co.uk> wrote in message
news:12bfa01c21ddc$c06c7860$b1e62ecf@tkmsftngxa04...
> I have a third-party (client / server) application which
> requires access through an ODBC DSN to my SQL Server
> database. I would like the user's access to the database
> to be restricted to this application only. Since the app
> is a 3rd party app I cannot use application roles as I
> have no control over the connection and therefore cannot
> run sp_setapprole on that connection.
>
> Is there any way I can use the ODBC data source but hide
> it from other applications such as MSOFFICE which use
> ODBC. I would also like to prevent the user from setting
> up their own ODBC datasources which could point at the
> database server.
>
> Connection is using Integrated Security.
>
> Any advice welcome.

Relevant Pages

  • Re: Alternative to using DSN to connect to database
    ... you have to use .NET ODBC provider. ... Server is NOT optimized. ... Just because of the Admiistrator thinking DSN is easier for him to control ... > Basically my problem is that the ODBC Connection Manager in Control Panel ...
    (microsoft.public.dotnet.framework.adonet)
  • Re: SQL Desktop server got somehow disconnected
    ... I can indeed make an ODBC connection. ... This is the output I get from the SQL server setup window after testing the ...
    (microsoft.public.sqlserver.connect)
  • Re: I cannot Create an ODBC source for SQL server 2005
    ... My fix was to use Named Pipes - this protocol is supported by default in SQL (check in Server Network Utility) and presto - all is OK. ... We were careful to cancel out of the ODBC DSN wizard, but it evidently was still enough to mess up the connection. ... ID sa and password - SQL Server Error 6: ...
    (microsoft.public.sqlserver.connect)
  • Re: MDAC 2.8 Update Causes Problems
    ... try to use the ODBC Control Panel I get the same error posted above. ... connection string; connection failed.. ... It's better to use the native ADO driver for SQL Server. ...
    (microsoft.public.sqlserver.server)
  • Re: Adding computer to second network
    ... You can try and connect to another server like this: ... valid account in this domain ... > I have a computer thats part of a network. ... > So there is a connection but not fully. ...
    (microsoft.public.windows.server.networking)