Giving access to outside web site to SQL Server stored procedure
- From: "Don" <dons100@xxxxxxxxxxxxx>
- Date: Sun, 28 Jan 2007 15:50:19 GMT
Hello, I have a sql server 2000 production database that will need to have
multiple web sites insert contact information into a table. I plan to
create a new sql user and only give it permission to execute one stored
procedure (that will do the insert row into the contact table).
Then I will provide to any outside vendor the SQL Server name, database,
user id, password and stored procedure(and input parameters) name. What are
the security concerns with this?
Would it make any sense to create a database with only this table in it, or
is this just overkill. I see that when I assign a new user to just one
database and one stored procedure that they can see the master database. Is
this an issue? Should I give the user
db_denydatareader on the master database?
Thanks
Don
.
- Follow-Ups:
- Re: Giving access to outside web site to SQL Server stored procedure
- From: Erland Sommarskog
- Re: Giving access to outside web site to SQL Server stored procedure
- Prev by Date: Re: Search encrypted column in SQL 2005http://msdn.microsoft.com/w
- Next by Date: Re: Search encrypted column in SQL 2005http://msdn.microsoft.com/w
- Previous by thread: Re: SQL Server and SSL
- Next by thread: Re: Giving access to outside web site to SQL Server stored procedure
- Index(es):
Relevant Pages
|
