Suppose I have an appliation made in VB6 which connects to SQL2000.
The applications creates a DSN(old style) to connecto to the server.
The user has a login an a password to use the application. The server
validades Windows NT login.
Every effort had been made to protect the database from intruders.
So far so good...
Next day, comes Clarck Kent and connects to the server simply by using the D
SN
and Excel 2000!!! He can browse, update and delete files!!!
How can I avoid such intruder.
Thank you... waitng for replies...
Rickuse stored procedures and validate within the procedures with app_name()
http://sqlservercode.blogspot.com/
"Rick" wrote:
> Suppose I have an appliation made in VB6 which connects to SQL2000.
> The applications creates a DSN(old style) to connecto to the server.
> The user has a login an a password to use the application. The server
> validades Windows NT login.
> Every effort had been made to protect the database from intruders.
> So far so good...
> Next day, comes Clarck Kent and connects to the server simply by using the
DSN
> and Excel 2000!!! He can browse, update and delete files!!!
> How can I avoid such intruder.
> Thank you... waitng for replies...
> --
> Rick|||On Wed, 21 Sep 2005 12:20:08 -0700, "Rick"
<Rick@.discussions.microsoft.com> wrote:
>Next day, comes Clarck Kent and connects to the server simply by using the
DSN
>and Excel 2000!!! He can browse, update and delete files!!!
>How can I avoid such intruder.
See "application roles" in BOL.
In other words, grant only limited and/or read access to the Windows
login, require another user or application login for updates and such.
J.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment