Re: Is there an alternative to disabling windows authentication?



Don't provide any Windows login accounts permissions to log into the SQL
Server. Remove domain accounts from the Local Administrators.

And to a more salient point: Why on earth are you providing all users
database access as 'sa'?

Since all users are 'sa', the roles are useless because they are all system
admins in the SQL Server. That is the most egregious security breach
imaginable. Any user that knows (or learns) how to use Excel to connect to
SQL Server, or installs an eval version of SQL Server and client tools
(meaning Enterprise Manager and Query Analyzer) will have the ability to
muck up your data and/or schema.

I surely hope that this isn't a regulated market that has to comply with
HIPAA or SARBOX - the application will fail the security audit.

--
Arnie Rowland, Ph.D.
Westwood Consulting, Inc

Most good judgment comes from experience.
Most experience comes from bad judgment.
- Anonymous

You can't help someone get up a hill without getting a little closer to the
top yourself.
- H. Norman Schwarzkopf


"jwbutler via SQLMonster.com" <u16619@uwe> wrote in message
news:685be1dc39bfc@xxxxxx
I'm a third party developer and my database gets installed on all types of
network setups. I can't control the active directory settings for the users
so I want to protect my database by only allowing SQL Server Authentication.
I'm using MSDE 2000.

I have a security manager as part of my system that the users interact with
to assign rights and permissions to database objects. I translate this into
SQL Server authentication. The only logins are sa and several default logins
I created for different aspects of my system. I removed the
BUILTIN\Administrators Group. The only database roles are db_accessadmin,
db_backupoperator, db_datareader, db_ddladmin, db_denydatareader,
db_denydatawriter, db_owner, db_securityadmin, and public. The only database
user is dbo (sa).

With this setup I thought I could block Windows authentication but from what
I've read this can not be done. Is there another way to accomplish this?

--
Message posted via http://www.sqlmonster.com
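
One way to check a server against the advice in the reply above, as an added example that is not part of the original posts: audit which logins are Windows accounts or sysadmin members, then give the application a non-sa login that receives its rights through a database role. The names app_reader and AppDb and the password placeholder are hypothetical; the procedures and the syslogins columns are those of SQL Server 2000 / MSDE 2000.

```sql
-- Added example, not from the thread. app_reader, AppDb and the password
-- placeholder are hypothetical names chosen for illustration.

-- 1. Audit: every Windows login or group known to the server, plus every
--    login that holds the sysadmin fixed server role.
SELECT name,
       isntname,    -- 1 = Windows user or group, 0 = SQL Server login
       isntgroup,   -- 1 = Windows group (for example BUILTIN\Administrators)
       hasaccess,   -- 1 = login has been granted access to the server
       denylogin,   -- 1 = login has been explicitly denied access
       sysadmin     -- 1 = member of the sysadmin fixed server role
FROM   master.dbo.syslogins
WHERE  isntname = 1
   OR  sysadmin = 1
ORDER  BY sysadmin DESC, name;
GO

-- 2. Cross-check the sysadmin membership list itself.
EXEC sp_helpsrvrolemember 'sysadmin';
GO

-- 3. Instead of connecting every user as sa, create a SQL Server login
--    that is not a server administrator.
EXEC sp_addlogin @loginame = 'app_reader',
                 @passwd   = '<strong-password-placeholder>',
                 @defdb    = 'AppDb';
GO

-- 4. Map the login to a database user and grant rights through a role,
--    so that the database roles actually restrict what it can do.
USE AppDb;
GO
EXEC sp_grantdbaccess @loginame = 'app_reader';
EXEC sp_addrolemember @rolename = 'db_datareader',
                      @membername = 'app_reader';
GO

-- 5. Confirm the new login is outside sysadmin
--    (IS_SRVROLEMEMBER returns 1 for members of the named role).
SELECT IS_SRVROLEMEMBER('sysadmin', 'app_reader') AS is_sysadmin;
GO
```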


