Re: Win Auth. - How do I prevent direct user access

From: Sue Hoegemeier (Sue_H_at_nomail.please)
Date: 09/27/04

  • Next message: jack: "Users booted from SQL Member Server" 
    Date: Sun, 26 Sep 2004 20:36:37 -0600

    One option is to use application roles to restrict the users
    accessing the database using certain applications only. For
    more information, refer to the Application Roles topic in
    books online.

    -Sue

    On 24 Sep 2004 15:57:13 -0700, google@dcbarry.com (D Barry)
    wrote:

    >Hello:
    >
    >My organiziation would like to shut off Mixed Auth. and instead move
    >towards Windows Auth only. The advantages are huge, -- password
    >control, double-hop with Kerberos, etc.
    >
    >This is great when using front end apps, but the problem stumping me
    >is how to prevent end-users from connecting with unauthorized tools
    >(Enterprise Manager, Excel) and hitting the database directly.
    >
    >One drastic solution (which I don't see as feasable) would have us
    >firewall our server to only accept connections from application
    >servers. But this doesn't help with 2-tier apps that talk directly to
    >the database, or the legitimate Enterprise Manager user.
    >
    >Are we going down the wrong road? Should all our connections be via
    >impersonation? This also seems extreme. I guess what I'm looking
    >for is a two factor form on authroization -- yes, you are using an
    >authorized application, and you are an authorized user.
    >
    >Has anyone had to address this issue?
    >
    >
    >Thanks,
    >
    >d.

  • Next message: jack: "Users booted from SQL Member Server"

    Relevant Pages

    • Re: Reducing load for LAMP app?
      ... MySQL: as much as possible, he keeps query results in RAM, but ... His hoster says that Apache server is under significant load. ... Using apc is pretty much transparent, but memcached will require modifying your database abstraction layer using the memcached functions. ... With persistent connections, you must have the maximum number of connections *ever* required allocated *all of the time* - even if no one is using your server. ...
      (comp.lang.php)
    • Re: Slow connections & Select database
      ... we are having problems with slow connections on our informix database. ... I've tried both shm connections and tcp connections on the db server, and the shm are a bit slow but tcp are much worse. ... Changing sqlhosts to include an IP address only helps the client end of things find the server's IP address by avoiding a forward DNS look-up. ...
      (comp.databases.informix)
    • Re: Too Many Client tasks
      ... You are either not closing database connections or there are just too many ... concurrent users for MS Access to accomodate. ... > error until I reboot the server. ...
      (microsoft.public.inetserver.asp.db)
    • Re: Slow connections & Select database
      ... If you want to check for network latency, you can do a series of pingfrom the client to the server and if you want to get fancy, do a traceroute as well. ... Did Rosie try a different database? ... > we are having problems with slow connections on our informix database. ...
      (comp.databases.informix)
    • Re: How can I open an SQL database and be the only one who has access to it?
      ... you can determine how SS permits access to your server. ... SINGLE_USER allows one user at a time to connect to the database. ... controlled by the termination clause of the ALTER DATABASE statement. ... To allow multiple connections, the database must be changed to ...
      (microsoft.public.data.ado)