Re: Application Roles

From: SQL Server Development Team [MSFT] (sqldev@microsoft.com)
Date: 12/18/02


From: "SQL Server Development Team [MSFT]" <sqldev@microsoft.com>
Date: Wed, 18 Dec 2002 10:26:46 -0800


You could store the password in the registry or in the file system using the
CryptProtectData API to encrypt the password based on either the machine
credentials or the user's credentials. Of course this means a smart user
(or hacker) could get the data back by getting the user to run something on
their behalf...

--
-Richard Waymire
Group Program Manager, SQL Server
(rwaymi@microsoft.com)
This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm.
"Gary Murphy" <grmurphy@newfoundlandpower.com> wrote in message
news:0de501c2a5d2$5c751f50$8bf82ecf@TK2MSFTNGXA05...
> I have a question concerning SQL Server Application
> roles.  I want to use application roles in a new
> application we are developing inorder to prevent users
> from using tools like SQL analyzer or MS access from
> accessing the database directly.
>
> I don't like the idea of hardcoding a password in the
> application code for the application role.
>
> Any suggestions on how I can use "application roles" and
> somehow encrypt the password so it doesn't show up in the
> application code?
>
> Thanks...


Relevant Pages

  • Re: Balancing security needs in ADO.NET applications
    ... See my article http://www.developer.com/db/article.php/3693236 that shows how to put together a hierarchical TableAdapter using SPs. ... Hitchhiker's Guide to Visual Studio and SQL Server ... SQL Server credentials or the application's logon/pw. ... all they can do is run specific SPs that carefully guard the data and do not permit gross operations like dropping tables or changing rights. ...
    (microsoft.public.dotnet.framework.adonet)
  • Re: SQL Server 2000 / 2005 Encryption
    ... to encrypt your SSL connections will be different. ... SQL Server can generate its own self-signed certificates though, and that should make the SSL encryption/connectivity easier for you. ... Excel does not know how to decrypt data stored in SQL Server 2005 in encrypted form. ...
    (microsoft.public.sqlserver.security)
  • Re: Storing Connection String
    ... you can encrypt the traffic to the SQL Server. ... Hitchhiker's Guide to Visual Studio and SQL Server ... My idea is to have just one database user whose username and password ... Which means that if an user get hold of connection string ...
    (microsoft.public.dotnet.framework.adonet)
  • Re: Securing an MDF file
    ... Windows 2000 support encrypted file system property. ... Below are the steps encrypt the data files: ... Logon with the SQL Server startup account ... database files are encrypted under the identity of the account ...
    (microsoft.public.sqlserver.server)
  • Re: securing mdf files
    ... You can use the Encrypted File System Support on Windows 2000. ... Below are the steps encrypt the data files: ... Logon with the SQL Server startup account ... database files are encrypted under the identity of the account ...
    (microsoft.public.sqlserver.security)