Re: Preventing unauthorized access
From: Adam Machanic (amachanic_at_air-worldwide.nospamallowed.com)
Date: 02/24/04
- Next message: Bruce Rhoades: "Minimum rights for SQL Agent"
- Previous message: Olu Adedeji: "Re: DTS Permissions"
- In reply to: /dev/null: "Preventing unauthorized access"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 24 Feb 2004 17:33:34 -0500
Use only stored procedures to access the database in your application. Do
not grant any permissions on tables or views to users; only grant
permissions on stored procedures. This will effectively block access to the
database from any source except your application (or a keen user who knows
how to properly call the stored procedures).
"/dev/null" <anonymous@discussions.microsoft.com> wrote in message
news:4AD3A344-840C-47B4-A9DE-9968BF748D0C@microsoft.com...
> I am building a windows forms VB .NET project that connects to an SQL
server database. The problem we have is that since we are using
windows-based authentication, anyone with access or even excel can connect
to the sql server and fiddle with the data. I looked into application roles
but using this we lose flexibility for giving (or removing) rights from
specific users.
>
> This problem wouldn't exist if we were building web apps, as we could set
things up in a way the web server would be the only one to connect to the
database.
>
> What do people use in enterprises to prevent users from connecting to
databases with unauthorized apps ?
>
> Thanks in advance.
- Next message: Bruce Rhoades: "Minimum rights for SQL Agent"
- Previous message: Olu Adedeji: "Re: DTS Permissions"
- In reply to: /dev/null: "Preventing unauthorized access"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
