Is there a way to make it so that nobody can connect to sql unless they come
in through a certain app... without the use of Application Roles. ( my boss
doesnt want to have to pass in a password each time.)
TIA, ChrisROn Wed, 15 Dec 2004 16:09:00 -0800, "ChrisR" <ChrisR@.noEmail.com>
wrote:
>Is there a way to make it so that nobody can connect to sql unless they come
>in through a certain app... without the use of Application Roles. ( my boss
>doesnt want to have to pass in a password each time.)
Can't you also do it with Windows domain logins, by defining a new
domain group and assigning just certain people to that group (role?),
and then giving only that group login permission in SQLServer?
I'm obviously not the expert on this, but I had the impression that
was also possible - it's application roles, but done at the network
security level, and no special passwords are required. If it's
possible at all!
J.|||"ChrisR" <ChrisR@.noEmail.com> wrote in message
news:ewSE$Ow4EHA.1408@.TK2MSFTNGP10.phx.gbl...
> Is there a way to make it so that nobody can connect to sql unless they
come
> in through a certain app... without the use of Application Roles. ( my
boss
> doesnt want to have to pass in a password each time.)
Get a new boss. :-)
>
> TIA, ChrisR
>|||The dilema with this is that I need to know how to do it for SQL Logins as
well.
"JXStern" <JXSternChangeX2R@.gte.net> wrote in message
news:t9m1s01oi6urm763144udojr98tsvr3eh6@.4ax.com...
> On Wed, 15 Dec 2004 16:09:00 -0800, "ChrisR" <ChrisR@.noEmail.com>
> wrote:
> >Is there a way to make it so that nobody can connect to sql unless they
come
> >in through a certain app... without the use of Application Roles. ( my
boss
> >doesnt want to have to pass in a password each time.)
> Can't you also do it with Windows domain logins, by defining a new
> domain group and assigning just certain people to that group (role?),
> and then giving only that group login permission in SQLServer?
> I'm obviously not the expert on this, but I had the impression that
> was also possible - it's application roles, but done at the network
> security level, and no special passwords are required. If it's
> possible at all!
> J.
>|||If you want to secure the system from access outside of the application,
there are two methods outside of the use of Application Roles.
First, you should be using Windows Authentication. You can either grant
users access through the use of Windows Groups, which map to database roles,
or, have a single application login id, Windows Account. Your application
would then need to be set up as a server, use DCOM, or COM+ for the database
access components.
That's for the access. To keep users from accessing the data without using
the application, consider the exclusive use of stored procedures for all of
the data manipulation. Then for users with directly mapped access, through
individual logins or the use of Windows Groups, explicitly add these users
to the default db_denydatareader and db_denydatawriter database roles.
Sincerely,
Anthony Thomas
"ChrisR" <ChrisR@.noEmail.com> wrote in message
news:ewSE$Ow4EHA.1408@.TK2MSFTNGP10.phx.gbl...
Is there a way to make it so that nobody can connect to sql unless they come
in through a certain app... without the use of Application Roles. ( my boss
doesnt want to have to pass in a password each time.)
TIA, ChrisR
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment