Re: SQL Authentication.
From: Mads (mav_at_scanvaegt.dk)
Date: 05/18/04
- Previous message: Mads: "Re: SQLServer Agent problems with windows security -- Help desperately needed."
- In reply to: newbie: "SQL Authentication."
- Next in thread: newbie: "Re: SQL Authentication."
- Reply: newbie: "Re: SQL Authentication."
Date: Tue, 18 May 2004 09:56:15 +0200
Consider this:
-Do not give the sa password to anyone.
-As you suggest, encrypt SP.
-There is an option to encrypt the entire database, but this is quite
irrelevant in normal office applications. Only if you work with governmental,
military or scientific secrets is this usually required.
-Set up all users' security settings so that they can only see views, and make
sure that your client application is only using stored procedure calls and
views. This also simplifies your client application.
-Do the maintenance that requires administrative privileges as scheduled,
automated jobs.
-Do not hand out any documentation on the back-end database. The most
important intellectual property is always the data model, and the principles
surrounding this, not the actual code, as it usually takes longer to
understand than to rewrite.
-Make sure that you sell a service agreement, so that all changes to the
standard system, and all maintenance that is more complicated than automated
jobs can handle, will be invoiceable. You will be amazed to see how folks
lose interest when they have to pay.
enjoy....
Mads
"newbie" <anonymous@discussions.microsoft.com> wrote in message
news:D633ECA3-8F51-46B3-ABF4-1557C618A7DB@microsoft.com...
> Hi there,
>
> I am new to SQL Server, working for an ISV, and a little confused about the
> security model I should use for my .net application. Please read below for
> the basic info about my application.
>
> 1> Built using .net
> 2> Will be deployed on client's machine with MSDE
> 3> MSDE installed using named instance
> 4> Interaction with the database using username and password in the
> connection string (username and password remain hidden inside application)
> 5> Using SQL Authentication.
> 6> I will protect stored procedures etc using "With Encryption"
>
> Problem is that I do not want my clients to see the application's
> database and tables etc using some 3rd party tool. I want to keep my
> database literally inaccessible from such GUI tools (for sake of hiding from
> competition). What should I do? Even though I am using the mixed mode
> authentication, still anyone who is system admin can login into my instance
> and see the database. How should I protect our intellectual property?
>
> Please help. Thanks.
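
The views-and-stored-procedures permission setup suggested in the reply above, sketched in T-SQL as an added example that is not part of the original thread. All table, view, procedure, role and user names are hypothetical, and the database user app_user is assumed to exist already.

```sql
-- Constructed sample schema; every object name here is hypothetical.
CREATE TABLE dbo.Orders (
    OrderID          INT IDENTITY(1,1) PRIMARY KEY,
    CustomerID       INT NOT NULL,
    Amount           MONEY NOT NULL,
    InternalCostNote VARCHAR(200) NULL   -- column the client login should never read
);
GO

-- The view exposes only the columns the client application needs.
CREATE VIEW dbo.v_Orders
AS
    SELECT OrderID, CustomerID, Amount
    FROM dbo.Orders;
GO

-- All writes go through a procedure, so validation lives in one place.
CREATE PROCEDURE dbo.usp_AddOrder
    @CustomerID INT,
    @Amount     MONEY
WITH ENCRYPTION
AS
BEGIN
    SET NOCOUNT ON;
    IF @Amount <= 0
    BEGIN
        RAISERROR('Amount must be positive.', 16, 1);
        RETURN 1;
    END
    INSERT INTO dbo.Orders (CustomerID, Amount)
    VALUES (@CustomerID, @Amount);
    RETURN 0;
END
GO

-- Role for the application's SQL login: no direct table access at all.
EXEC sp_addrole 'app_client';
GO
DENY  SELECT, INSERT, UPDATE, DELETE ON dbo.Orders TO app_client;
GRANT SELECT  ON dbo.v_Orders     TO app_client;
GRANT EXECUTE ON dbo.usp_AddOrder TO app_client;
GO

-- Assumption: the database user app_user already exists for the app's login.
EXEC sp_addrolemember 'app_client', 'app_user';
GO
```

The view and procedure still work for app_client despite the DENY because they share an owner (dbo) with the table, so SQL Server does not check table permissions along that ownership chain. Members of the sysadmin server role bypass permission checks entirely, so this restricts the application login, not an administrator of the instance.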