Hi
I'm working with SQL 2000 and I want to know how can I avoid my users
connecting via other app such as:SQL query analyzer,MS Access,... in order
to modify data, when they are connecting through VB in their interfaces?
in other word, I want to limit the ways of connecting to DBs for a
particular login name (for example: login1)?
Any help would be thankful.With SQL 2000, that is not easy to accomplish. A user can use his/her login
credentials to access SQL Server and whatever objects he/she has permissions
for using any client side tool they choose.
You may wish to investigate using an Application Role, providing access and
permissions to that Application Role only, and not providing access and
permissions to any other login credentials for users. You would want to be
sure to assign explicit permissions, use stored procedures for data access,
and deny direct table access.
Here are some articles to start your research:
Security -Best Practices
http://vyaskn.tripod.com/sql_server...t_practices.htm
Security -Giving Permissions through Stored Procedures
http://www.sommarskog.se/grantperm.html
Arnie Rowland, Ph.D.
Westwood Consulting, Inc
Most good judgment comes from experience.
Most experience comes from bad judgment.
- Anonymous
You can't help someone get up a hill without getting a little closer to the
top yourself.
- H. Norman Schwarzkopf
"M" <rez1824@.yahoo.co.uk> wrote in message
news:op.tjl2pwupn9ig5y@.system109.parskhazar.net...
> Hi
> I'm working with SQL 2000 and I want to know how can I avoid my users
> connecting via other app such as:SQL query analyzer,MS Access,... in order
> to modify data, when they are connecting through VB in their interfaces?
> in other word, I want to limit the ways of connecting to DBs for a
> particular login name (for example: login1)?
> Any help would be thankful.|||Hi M,
Please drop me a note if the following description sounds interesting to
you.
Best regards
Adrian
Here we go:
Corrupt users and compromised user-accounts, cf Phishing, account for the
majority of attacks in the commercial world. We present a two-stage
anti-corruption system (ACS) for database servers that, in the first stage,
makes it very hard to gain access to a database with an unauthorised client
application or from an unauthorised client PC and, in the second stage,
provides
early precise hints on users performing suspicious activities. Our first
implementation of the ACS is for the MS SQL Server 2000. It uses only
documented
functions and relies completely on mechanisms and data already provided by
the
database server. Its smooth and efficient operation for several months in a
middle-sized decentralised company proves it a valuable addition to the pool
of
security measures.
"M" <rez1824@.yahoo.co.uk> wrote in message
news:op.tjl2pwupn9ig5y@.system109.parskhazar.net...
> Hi
> I'm working with SQL 2000 and I want to know how can I avoid my users
> connecting via other app such as:SQL query analyzer,MS Access,... in order
> to modify data, when they are connecting through VB in their interfaces?
> in other word, I want to limit the ways of connecting to DBs for a
> particular login name (for example: login1)?
> Any help would be thankful.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment