
Securing access to MS Sql 2000 database when AD is attached as an access for primary application.

Posted on 2008-10-15
Last Modified: 2013-12-05
We have an MS SQL Server 2000 database that we are opening to a primary application to connect via OLEDB and AD. The question is how to keep other Office apps or MS utilities, i.e. Excel, Query Analyzer, from letting users see, read and change data in the database through anything but the primary application.
Question by:BlackBoxVS

Accepted Solution

by:
dportas earned 750 total points
ID: 22730785
Is your application a web app or similar N-tier architecture? If so, then you just need to restrict access on the SQL Server port to the web server / application server only.

If it's a 2-tier desktop app on the other hand, then by definition you must allow server access from the desktop. Ultimately, that architecture is always vulnerable to access from outside your application. You can mitigate the risk by using an Application Role (see Books Online) but that is only a quite thin facade of protection.

The bottom line is that if you are relying on your desktop app to implement security then your server is insecure by design. That's one reason why enterprises who care about security tend to favour server apps and services-oriented architectures.

Expert Comment

by:dportas
ID: 22730850
Note that stored procedures should be used to reduce the surface area of your database. You can deny access to tables, views, etc and perform all data access through procs. On its own though, this won't stop other applications accessing those same procs.

Assisted Solution

by:Jim P.
Jim P. earned 750 total points
ID: 22731027
When you say AD -- you are talking Active Directory and Windows Authentication?

Essentially there is no really good way to limit what application can connect to a SQL db.

Application Roles can limit some of what they can do, but there isn't much you can do without crippling the office apps and/or the PCs with overwhelming security.
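
An added example, not part of the original answers: the stored-procedure-only access and Application Role suggested above, written as SQL Server 2000 T-SQL. The table, procedure, role name, Windows group and password are all hypothetical placeholders.

```sql
-- Added example. Every object, role, group and password name is hypothetical.
-- Run as dbo in the application database (SQL Server 2000 syntax).

-- 1. A sample table and the only sanctioned way to read it.
CREATE TABLE dbo.Orders (
    OrderID    int   NOT NULL PRIMARY KEY,
    CustomerID int   NOT NULL,
    Amount     money NOT NULL
)
GO

CREATE PROCEDURE dbo.usp_GetOrdersForCustomer
    @CustomerID int
AS
    SET NOCOUNT ON
    SELECT OrderID, Amount
    FROM dbo.Orders
    WHERE CustomerID = @CustomerID
GO

-- 2. The Windows (AD) group can log in and enter the database,
--    but is denied direct table access and is granted nothing else.
--    Excel or Query Analyzer connecting as these users gets no data.
EXEC sp_grantlogin 'EXAMPLEDOM\AppUsers'
EXEC sp_grantdbaccess 'EXAMPLEDOM\AppUsers', 'AppUsers'
DENY SELECT, INSERT, UPDATE, DELETE ON dbo.Orders TO AppUsers
GO

-- 3. The application role holds the only usable permission:
--    EXECUTE on the procedure, nothing on the table itself.
EXEC sp_addapprole 'OrderAppRole', '<role-password-placeholder>'
GRANT EXECUTE ON dbo.usp_GetOrdersForCustomer TO OrderAppRole
GO

-- 4. What the primary application sends right after it connects.
--    From here on the connection runs with the role's permissions,
--    not the Windows user's.
EXEC sp_setapprole 'OrderAppRole', '<role-password-placeholder>'

-- Succeeds: dbo owns both procedure and table (ownership chaining).
EXEC dbo.usp_GetOrdersForCustomer @CustomerID = 42

-- Fails with a permission error: the role has no rights on the table.
SELECT * FROM dbo.Orders
```

The role password has to be available to the desktop client in order to call `sp_setapprole`, which is why the accepted answer treats an Application Role as a mitigation rather than a boundary.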