Re: Database utilities
- From: "Sam Hobbs" <samuel@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 6 Dec 2005 08:24:48 -0800
"Dan Guzman" <guzmanda@xxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:u0%23ilqQ%23FHA.4092@xxxxxxxxxxxxxxxxxxxxxxx
> Preventing access to database utility software does not in itself provide
> data security. One can write and execute a script like the one below
> using only a text editor.
>
> Set conn = CreateObject("ADODB.Connection")
> conn.Open _
> "Provider=SQLOLEDB;" & _
> "Data Source=MyServer;" & _
> "Integrated Security=SSPI;" & _
> "Initial Catalog=MyDatabase;"
> conn.Execute "DELETE FROM MyTable"
The script would not actually be executed by the text editor, but otherwise
this is an example of something that would be impractical to remove. The
actual programs would be WScript and CScript. If removal of possibly risky
tools is done to protect thd data, then WScript and CScript would have to be
removed also, which would make all scripts useless. HTML scripting
capability would also have to be removed.
> it is often desirable to discourage ad-hoc SQL access to production
> databases using database tools and utilities. Consider a non-technical
> user with the database object permissions needed in order to use an
> application. With a separate reporting tool, the user could easily access
> the database from outside the application and cause blocking or other
> performance problems with a poorly formed query. This is one reason why
> it is common to create a separate database for end-user reporting and
> provide users with the tools needed to do their job.
I think that perormance is not a typical security matter. Performance
considerations such as this make the problem much more complicated. In those
situations where elimination of possible performance problems require a
security solution different from other security solutions, I think that the
benefits would not justify the cost. I think that performance problems
should not be a primary duty of security and is especially outside the scope
of my project.
> Applications sometimes use an application login or role to provide data
> access under a security context other than the end user. This approach
> provides users with the database permissions needed to use the app yet
> prevents adhoc access from outside the context of the application unless
> the user's own login has been granted the access and permissions.
I do not know if this application's login provides a different security
context; I am not aware of that, but it is worth investigating.
If the application provides the ability to execute a macro during or
immediately following an application, is it possible that the security
context could be changed then? I realize that this might not work for this
particular application, so I am asking only if it might work.
Perhaps it is possible to write a program that changes the security context
then executes the application, but that would be impractical if it requires
a separate login. I need to learn about SQL Server's roles before deciding
to use a solution such as this.
SQL Server's roles seem to be the prefered solution and I will read the
article you specify before I ask any questions about roles.
.
- Follow-Ups:
- Re: Database utilities
- From: Dan Guzman
- Re: Database utilities
- References:
- Database utilities
- From: Sam Hobbs
- Re: Database utilities
- From: Dan Guzman
- Database utilities
- Prev by Date: Re: Database Users and Triggers
- Next by Date: Management Studio: DB Context: Script Opens a new connection - How do I get script to reuse the connection from a previous script?
- Previous by thread: Re: Database utilities
- Next by thread: Re: Database utilities
- Index(es):
Relevant Pages
|
