Restricting Login

  • Hi,

    I have a Windows 2000 Server w/ SP3 running MSSQL Server 2000 w/ SP3. There is a third party app running on the MSSQL. Now the problem is the third party app has created a user with public and a dev (application) role. This user comes with a password that is used when communicating with the MSSQL from the client, meaning if I were to change the password in MSSQL, the client app will not be able to connect to the db. Yes, it is hard coded into the application. What I need now is to restrict this user to be able to login from the app only and NOT ANYWHERE ELSE, i.e. Enterprise Manager. Please advise me whether there is a way to do it, either by Group Policies or something.

    Thanks in advance!

    Ed

  • Can't do it using Group Policy! You have to remember that SQL Server is a totally separate Server and is NOT totally tied into the Windows Operating System.

    When you create an Application and you decide to use either SQL Server Logins or Windows Authentication, your users will be able to access the Database via the application or from another source such as Enterprise Manager or Microsoft Access. What you have to do is restrict the users to what they are able to access in the Database and one way to do this is to use Static SQL! In other words, Stored Procedures. Doing it this way will only give access to the users for the Database via the Stored Procedure only.


    Kindest Regards,

  • Hi,

    Thanks for the replies. The situation is such that the user name and password, which is hardcoded onto the app, is becoming a security concern.  As long as I can restrict that username and password from access via Enterprise Manager, I am satisfied.

    You mentioned stored procedures, could you elaborate on it? Sorry newbie to SQL.

  • I don't know your reasons for restricting certain apps from connecting to the SQL Server.

    Much better would be to create the login and make this login a user of the database(s) the login is required to be in. Ensure that no server access is given to the login. This way you restrict the login to activities relating to the database(s) he/she is a user in (you may also be able to limit what the user can do within the database).

    Ensure also that you have loaded the latest security patches to the SQL Server.

    The login may be able to see the names of the databases and logins via EM, but not be able to do much else outside the confines of the databases he/she is a user in.

    If indeed you do not want the user to see the names of other databases and logins, the only other option I can think of is creating a separate instance (if you have SQL Server 2000, that is) ...

    HTH
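
The approach from the replies above (access through stored procedures only, for a database user with no server-level rights), as an added T-SQL example that is not part of the original thread. The database, user, table and procedure names are constructed for illustration.

```sql
-- Constructed names: AppDb, app_user, dbo.Orders, dbo.usp_GetOrdersForCustomer
USE AppDb
GO

-- 1. Review what the account can do today.
EXEC sp_helpuser 'app_user'                  -- database role memberships
EXEC sp_helprotect @username = 'app_user'    -- object and statement permissions
EXEC sp_helpsrvrolemember                    -- the login should appear in no server role
GO

-- 2. Wrap the data access the application needs in a procedure owned by dbo.
--    Static SQL only: the table has the same owner as the procedure, so the
--    ownership chain is unbroken and table permissions are not checked for
--    the caller. Dynamic SQL (EXEC of a string) would be checked against the
--    caller's own permissions and fail after step 3.
CREATE PROCEDURE dbo.usp_GetOrdersForCustomer
    @CustomerId int
AS
    SET NOCOUNT ON
    SELECT OrderId, OrderDate, Total
    FROM dbo.Orders
    WHERE CustomerId = @CustomerId
GO

-- 3. Block direct table access and allow only the procedure.
--    DENY also overrides anything granted through public or another role.
DENY SELECT, INSERT, UPDATE, DELETE ON dbo.Orders TO app_user
GRANT EXECUTE ON dbo.usp_GetOrdersForCustomer TO app_user
GO

-- 4. Verify: the account should now show EXECUTE on the procedure and
--    Deny entries on the table.
EXEC sp_helprotect @username = 'app_user'
GO
```

With this in place the account can still connect from Enterprise Manager or Query Analyzer, but a direct `SELECT` against `dbo.Orders` fails while the procedure call succeeds. It only works if the application itself calls procedures; an application that sends statements against the tables directly would stop working after step 3.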
