Re: Securing a Custom Application

From: Dejan Sarka (dejan_please_reply_to_newsgroups.sarka_at_avtenta.si)
Date: 08/30/04

  • Next message: Wayne Snyder: "Re: Securing a Custom Application" 
    Date: Mon, 30 Aug 2004 08:07:12 +0200

    Application roles can be the answer you need. You can use ODBC encryption
    when sending password - check
    http://msdn.microsoft.com/library/default.asp?url=/library/en-us/tsqlref/ts_sp_sa-sz_6tt1.asp.
    You could also use on the wire encryption using IPSec. Besides application
    roles, you could also use intermediate layer of stored procedures and views
    and give permissions to these obects only, never to base tables. 

    -- 
Dejan Sarka, SQL Server MVP
Associate Mentor
Solid Quality Learning
More than just Training
www.SolidQualityLearning.com
"Jake_adl" <Jakeadl@discussions.microsoft.com> wrote in message
news:8B1D8D22-18C6-44B5-9A23-9E9EC6E9F60D@microsoft.com...
> I am in the process of converting a custom Access 2000 application to
VB.Net
> and MSDE/SQL Server 2000.
>
> I want to secure the back-end so that only my front-end application can
edit
> data. I'm assuming I need to use an application role. I would like users
to
> be able to View data (in case they want to create their own
queries/reports
> outside of the SQL Server) but nobody is allowed to make changes to the
data
> unless it has been done through the application's front-end.
>
> What should I consider when securing SQL Server? And if I do use an
> application role, does that mean I have to store the password within the
> front-end? How can I do this securely?
>
> Can you please highlight some of the things I need to consider and
possibly
> point me to some useful resources?
>
> Thanks in advance.
  • Next message: Wayne Snyder: "Re: Securing a Custom Application"

    Relevant Pages

    • Re: Securing a Custom Application
      ... can encrypt the password over the wire using ODBC encryption. ... find some way to secure in on the client PC.... ... Wayne Snyder, MCDBA, SQL Server MVP ... > unless it has been done through the application's front-end. ...
      (microsoft.public.sqlserver.security)
    • Re: ADP vs. MDB?
      ... security model regardless of what the front-end application is. ... To obtain the Developer edition of SQL Server (you need this to ... I like the fact that .adp seems to be ...
      (microsoft.public.access.adp.sqlserver)
    • Occasional ODBC Timeouts From Access 2000 When Writing Record
      ... I just inherited a database that has an MDB client (front-end only) accessing ... records on SQL Server 7. ... update a record it will timeout giving the ODBC timeout error, ...
      (microsoft.public.sqlserver.odbc)
    • Need help choosing front end for SQL Server
      ... it's limit in terms of performance and reliability. ... The company has recently purchased an MS SQL server and it's my job to ... migrate the back-end as well as re-write the front-end (the front-end ... needs re-writing anyway). ...
      (microsoft.public.sqlserver.clients)
    • Re: Guide for switching to .ADP from .MDB
      ... >Create an Access database front-end to an SQL Server database back-end ... and the SQL Server provides centralized data ... >an MDB application from Access to SQL server. ...
      (microsoft.public.access.adp.sqlserver)