Re: Securing a Custom Application

From: Wayne Snyder (wayne.nospam.snyder_at_mariner-usa.com)
Date: 08/30/04


Date: Mon, 30 Aug 2004 08:09:35 -0400

As Dejan suggests, using the Application role is perfect for this, and you
can encrypt the password over the wire using ODBC encryption, but you must
find some way to secure it on the client PC....

-- 
Wayne Snyder, MCDBA, SQL Server MVP
Mariner, Charlotte, NC
www.mariner-usa.com
(Please respond only to the newsgroups.)
I support the Professional Association of SQL Server (PASS) and its
community of SQL Server professionals.
www.sqlpass.org
"Jake_adl" <Jakeadl@discussions.microsoft.com> wrote in message
news:8B1D8D22-18C6-44B5-9A23-9E9EC6E9F60D@microsoft.com...
> I am in the process of converting a custom Access 2000 application to VB.Net
> and MSDE/SQL Server 2000.
>
> I want to secure the back-end so that only my front-end application can edit
> data. I'm assuming I need to use an application role. I would like users to
> be able to View data (in case they want to create their own queries/reports
> outside of the SQL Server) but nobody is allowed to make changes to the data
> unless it has been done through the application's front-end.
>
> What should I consider when securing SQL Server? And if I do use an
> application role, does that mean I have to store the password within the
> front-end? How can I do this securely?
>
> Can you please highlight some of the things I need to consider and possibly
> point me to some useful resources?
>
> Thanks in advance.
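
The permission split discussed in this thread, as an added T-SQL sketch for SQL Server 2000 that is not part of either post: users read through an ordinary role, and only an application role activated by the front end can write. The table `dbo.Orders`, the role names `ReportReaders` and `OrderEntryApp`, and the password placeholder are hypothetical.

```sql
-- Added example; all object names and the password placeholder are hypothetical.
CREATE TABLE dbo.Orders (
    OrderID  int IDENTITY PRIMARY KEY,
    Customer nvarchar(50) NOT NULL,
    Amount   money NOT NULL
)
GO

-- Read-only path: users connect with their own logins and get SELECT
-- through a normal database role, so ad hoc queries and reports still work.
EXEC sp_addrole 'ReportReaders'
GRANT SELECT ON dbo.Orders TO ReportReaders
-- Add each reporting user to the role, for example:
-- EXEC sp_addrolemember 'ReportReaders', '<database-user>'
GO

-- Write path: INSERT/UPDATE/DELETE are granted only to the application role.
-- No user or user role receives them, so changes require activating the role.
EXEC sp_addapprole 'OrderEntryApp', '<app-role-password>'
GRANT SELECT, INSERT, UPDATE, DELETE ON dbo.Orders TO OrderEntryApp
GO

-- Run by the front end right after it opens a connection.
-- {Encrypt N'...'} is an ODBC escape, so this form needs an ODBC or OLE DB
-- connection; it obscures the password on the wire, it does not protect the
-- copy the client must hold in order to send it.
EXEC sp_setapprole 'OrderEntryApp', {Encrypt N'<app-role-password>'}, 'odbc'
GO

-- The connection now runs as the application role, so the write succeeds.
SELECT USER_NAME() AS ActiveContext
INSERT INTO dbo.Orders (Customer, Amount) VALUES (N'Constructed sample', 10.00)
GO
```

Once activated, the connection keeps only the application role's permissions (plus those of public) until it is closed, which is why the role is granted SELECT as well. Members of sysadmin or db_owner are not constrained by this split.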

