Re: Securing a Custom Application

From: Jake_adl (Jakeadl_at_discussions.microsoft.com)
Date: 08/31/04


Date: Tue, 31 Aug 2004 01:15:07 -0700

Thanks Dejan and Wayne.

Do I need to revoke any permissions from Administrators or the sa account?
Or is it simply enough to not grant them permissions on the stored procedures
and tables?

"Wayne Snyder" wrote:

> As Dejan suggests, using the Application role is perfect for this, and you
> can encrypt the password over the wire using ODBC encryption. But you must
> find some way to secure it on the client PC....
>
> --
> Wayne Snyder, MCDBA, SQL Server MVP
> Mariner, Charlotte, NC
> www.mariner-usa.com
> (Please respond only to the newsgroups.)
>
> I support the Professional Association of SQL Server (PASS) and its
> community of SQL Server professionals.
> www.sqlpass.org
>
> "Jake_adl" <Jakeadl@discussions.microsoft.com> wrote in message
> news:8B1D8D22-18C6-44B5-9A23-9E9EC6E9F60D@microsoft.com...
> > I am in the process of converting a custom Access 2000 application to VB.Net
> > and MSDE/SQL Server 2000.
> >
> > I want to secure the back-end so that only my front-end application can edit
> > data. I'm assuming I need to use an application role. I would like users to
> > be able to View data (in case they want to create their own queries/reports
> > outside of the SQL Server) but nobody is allowed to make changes to the data
> > unless it has been done through the application's front-end.
> >
> > What should I consider when securing SQL Server? And if I do use an
> > application role, does that mean I have to store the password within the
> > front-end? How can I do this securely?
> >
> > Can you please highlight some of the things I need to consider and possibly
> > point me to some useful resources?
> >
> > Thanks in advance.
>
>
>
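
The permission layout discussed in this thread (users read-only, writes only through an application role activated with the ODBC-encrypted password), as an added T-SQL example for SQL Server 2000 that is not part of any poster's message. The names `Orders`, `usp_UpdateOrder`, `DataViewers` and `OrdersApp` are hypothetical, and `<app-role-password>` and `<DOMAIN\user>` are placeholders.

```sql
-- Added example: hypothetical object names, placeholder password.
-- Run in the application database as a member of db_owner.
CREATE TABLE dbo.Orders (OrderID int NOT NULL PRIMARY KEY, Qty int NOT NULL)
GO
CREATE PROCEDURE dbo.usp_UpdateOrder @OrderID int, @Qty int AS
    UPDATE dbo.Orders SET Qty = @Qty WHERE OrderID = @OrderID
GO

-- 1. Ordinary users: read-only access through a standard database role,
--    so they can build their own queries and reports.
EXEC sp_addrole 'DataViewers'
GRANT SELECT ON dbo.Orders TO DataViewers
-- EXEC sp_addrolemember 'DataViewers', '<DOMAIN\user>'   -- one per user or group

-- 2. The front-end: an application role that alone holds write permissions.
EXEC sp_addapprole 'OrdersApp', '<app-role-password>'
GRANT SELECT, INSERT, UPDATE, DELETE ON dbo.Orders TO OrdersApp
GRANT EXECUTE ON dbo.usp_UpdateOrder TO OrdersApp

-- 3. Check: list every permission on the table. No row for public,
--    DataViewers or an individual user should show Insert, Update or Delete.
EXEC sp_helprotect 'Orders'
GO

-- Members of the sysadmin fixed server role (sa included) bypass permission
-- checks, so GRANT/DENY/REVOKE statements here do not constrain them; limit
-- who is a member of that role instead.

-- 4. What the front-end sends right after connecting as the user.
--    {Encrypt N'...'} is an ODBC escape handled by the ODBC driver or the
--    OLE DB provider, so the password is obfuscated on the wire; the
--    password itself still has to be protected on the client PC.
EXEC sp_setapprole 'OrdersApp', {Encrypt N'<app-role-password>'}, 'odbc'

-- The connection now runs with the role's permissions only.
-- In SQL Server 2000 this lasts until the connection is closed.
SELECT USER_NAME()   -- reports OrdersApp once the role is active
```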


