Re: Multiple security contexts
- From: Erland Sommarskog <esquel@xxxxxxxxxxxxx>
- Date: Wed, 30 May 2007 22:23:17 +0000 (UTC)
Eric Smith (EricSmith@xxxxxxxxxxxxxxxxxxxxxxxxx) writes:
Regards your first suggestion---I considered using stored procedures,
however there is no stopping users from pointing the reporting tool at
the stored procedures and executing them (or in fact just executing them
directly using something like Excel). That is, just like the
password-embedded-in-custom-app problem if anyone is sufficiently intent
on writing to the database, they will.
They would however be limited to what the stored procedures provide, and
you if write the procedures to validate business rules, what the user is
permitted to do etc it would not really matter if the user would run
the procedures from any other application.
--
Erland Sommarskog, SQL Server MVP, esquel@xxxxxxxxxxxxx
Books Online for SQL Server 2005 at
http://www.microsoft.com/technet/prodtechnol/sql/2005/downloads/books.mspx
Books Online for SQL Server 2000 at
http://www.microsoft.com/sql/prodinfo/previousversions/books.mspx
.
- References:
- Re: Multiple security contexts
- From: Erland Sommarskog
- Re: Multiple security contexts
- From: Eric Smith
- Re: Multiple security contexts
- Prev by Date: Re: Saving passwords in Management Studio
- Next by Date: Re: sql server services
- Previous by thread: Re: Multiple security contexts
- Next by thread: Re: problem with making owner for a database
- Index(es):
Relevant Pages
|
|
