Giving access to outside web site to SQL Server stored procedure

From: "Don" <dons100@xxxxxxxxxxxxx>
Date: Sun, 28 Jan 2007 15:50:19 GMT

Hello, I have a sql server 2000 production database that will need to have
multiple web sites insert contact information into a table. I plan to
create a new sql user and only give it permission to execute one stored
procedure (that will do the insert row into the contact table).

Then I will provide to any outside vendor the SQL Server name, database,
user id, password and stored procedure(and input parameters) name. What are
the security concerns with this?

Would it make any sense to create a database with only this table in it, or
is this just overkill. I see that when I assign a new user to just one
database and one stored procedure that they can see the master database. Is
this an issue? Should I give the user
db_denydatareader on the master database?

Thanks

Don

.

Follow-Ups:
- Re: Giving access to outside web site to SQL Server stored procedure
  - From: Erland Sommarskog

Prev by Date: Re: Search encrypted column in SQL 2005http://msdn.microsoft.com/w
Next by Date: Re: Search encrypted column in SQL 2005http://msdn.microsoft.com/w
Previous by thread: Re: SQL Server and SSL
Next by thread: Re: Giving access to outside web site to SQL Server stored procedure
Index(es):
- Date
- Thread

Relevant Pages

Re: using sp_ as a naming convention for stored procedures
... System stored procedures are created and stored in the master ... database and have the sp_ prefix. ... from any database without having to qualify the stored procedure name fully ... SQL Server always looks for a stored procedure ...
(microsoft.public.sqlserver.programming)
Re: MS Access DAO -> ADO.NET Migration
... William Vaughn ... Microsoft MVP ... Hitchhiker's Guide to Visual Studio and SQL Server ... My migration app works building a SSCE database file with imported data ...
(microsoft.public.dotnet.framework.adonet)
Re: Trigger, alternative way to pass variable to trigger
... You don't have to execute the setUser command in the master database, ... create trigger trigger name ... to call stored procedure or execute sql commands and let it handle it the ... Pro SQL Server 2000 Database Design ...
(microsoft.public.sqlserver.programming)
Re: Debug stored procedures with VB6
... > I can't see in the sql server analyser a tool to debug a stored procedure. ... > "Val Mazur" a écrit dans le message de ... >>>>> My database is installed locally. ...
(microsoft.public.vb.database.ado)
RE: ASP.NET/Linked Server connection problem
... Destroy security and open the database for hackers by reducing security ... Wrap your work in a stored procedure that your connecting user account ... Create a custom ETL application to move the data. ... > I am trying to create/use a SQL Server Linked Server definition from ...
(microsoft.public.dotnet.framework.adonet)