Direct client access to DB
From: Dave (David_Najac@hotmail.com)
Date: 03/05/03
From: "Dave" <David_Najac@hotmail.com> Date: Wed, 5 Mar 2003 08:55:57 -0800
Presently I have a client/server app that gives clients
direct RW access to the DB (i.e., User Joe logs into the app
and has rights to specific tables/etc in the DB).
Security is controlled in the database via rights
assignments to a role of which certain users are
members. Additional row-level security is enforced via the
front-end application. The problem is that someone could
thwart security that is enforced within the app by
creating an ODBC connection to the DB through Access or
Excel, connecting to the DB as 'Joe' and performing destructive
operations or seeing data that he is otherwise not authorized
to see, as the connection would be outside of the security
context enforced within the app itself.
Does anyone know of a way in SQL 2000 to enforce
connection-level security so that ad-hoc ODBC
connections/etc are not allowed? I know that I could
enable multiprotocol encryption on the client and server,
however that would allow any client (with the
multiprotocol encryption enabled) to access the DB, even if
through something like Access/Excel via ODBC, correct? Is
there a better way to do this?
Thanks in advance for your assistance.
Dave