Win Auth. - How do I prevent direct user access

From: D Barry (google_at_dcbarry.com)
Date: 09/25/04


Date: 24 Sep 2004 15:57:13 -0700

Hello:

My organization would like to shut off Mixed Auth. and instead move
towards Windows Auth only. The advantages are huge -- password
control, double-hop with Kerberos, etc.

This is great when using front end apps, but the problem stumping me
is how to prevent end-users from connecting with unauthorized tools
(Enterprise Manager, Excel) and hitting the database directly.

One drastic solution (which I don't see as feasible) would have us
firewall our server to only accept connections from application
servers. But this doesn't help with 2-tier apps that talk directly to
the database, or the legitimate Enterprise Manager user.

Are we going down the wrong road? Should all our connections be via
impersonation? This also seems extreme. I guess what I'm looking
for is a two-factor form of authorization -- yes, you are using an
authorized application, and you are an authorized user.

Has anyone had to address this issue?

Thanks,

d.