use of application roles
From: Sandy (sandra.carr1_at_jsc.nasa.gov)
Date: 06/26/03
- Previous message: Tom Moreau: "Re: role/permissions to allow SELECT and creating and deleting triggers"
- Next in thread: Dan Guzman: "Re: use of application roles"
- Reply: Dan Guzman: "Re: use of application roles"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 26 Jun 2003 13:15:40 -0700
Question 1: If I use SQL Server 2000's 'application role'
to let my users enter data via a custom application, am I
creating a security hole because of the hardcoded username
& password?
Background: The application allows users to logon via
passthrough Windows authentication. The users enter data
into the application and have no reason to directly access
the database. The application puts the data into the
correct tables and keeps an audit trail.
Question 2: Do the users need any rights to the database
if the 'application role' is used?
- Previous message: Tom Moreau: "Re: role/permissions to allow SELECT and creating and deleting triggers"
- Next in thread: Dan Guzman: "Re: use of application roles"
- Reply: Dan Guzman: "Re: use of application roles"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
