Solved

Securing access to MS SQL 2000 database when AD is attached as an access for primary application.

Posted on 2008-10-15
Last Modified: 2013-12-05
We have an MS SQL Server 2000 database that we are opening to a primary application to connect via OLEDB and AD. The question is how to keep users of other Office apps or MS utilities (i.e. Excel, Query Analyzer) from being able to see, read and change data in the database through anything but the primary application.
Question by:BlackBoxVS

Accepted Solution

by:
dportas earned 250 total points
ID: 22730785
Is your application a web app or similar N-tier architecture? If so, then you just need to restrict access on the SQL Server port to the web server / application server only.

If it's a 2-tier desktop app on the other hand, then by definition you must allow server access from the desktop. Ultimately, that architecture is always vulnerable to access from outside your application. You can mitigate the risk by using an Application Role (see Books Online) but that is only a quite thin facade of protection.

The bottom line is that if you are relying on your desktop app to implement security then your server is insecure by design. That's one reason why enterprises who care about security tend to favour server apps and services-oriented architectures.

Expert Comment

by:dportas
ID: 22730850
Note that stored procedures should be used to reduce the surface area of your database. You can deny access to tables, views, etc., and perform all data access through procs. On its own though, this won't stop other applications accessing those same procs.

Assisted Solution

by:Jim P.
Jim P. earned 250 total points
ID: 22731027
When you say AD -- you are talking Active Directory and Windows Authentication?

Essentially there is no really good way to limit what application can connect to a SQL db.

Application Roles can limit some of what they can do, but there isn't much you can do without crippling the office apps and/or the PCs with overwhelming security.
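
The two mitigations mentioned in the answers above (an Application Role plus stored-procedure-only access) combined in one T-SQL script for SQL Server 2000. This is an added example, not part of the original thread; the table, procedure, role and Windows group names and the password placeholder are hypothetical, and it assumes you run it as a database owner in a test database.

```sql
-- Added example: all names below are hypothetical placeholders.
CREATE TABLE dbo.Orders (
    OrderId    int IDENTITY PRIMARY KEY,
    CustomerId int NOT NULL,
    OrderDate  datetime NOT NULL DEFAULT GETDATE(),
    Amount     money NOT NULL
)
GO
-- The AD group can log in and enter the database, nothing more.
EXEC sp_grantlogin 'CONTOSO\OrderEntryUsers'
EXEC sp_grantdbaccess 'CONTOSO\OrderEntryUsers', 'OrderEntryUsers'
GO
-- No direct table permissions for users, whether granted to them or to public.
-- REVOKE (not DENY) on public: an activated application role still inherits
-- public's permissions, so a DENY there would block the application too.
REVOKE ALL ON dbo.Orders FROM public
REVOKE ALL ON dbo.Orders FROM OrderEntryUsers
GO
-- Data access goes through a procedure with the same owner (dbo) as the
-- table, so callers need EXECUTE on the procedure only.
CREATE PROCEDURE dbo.usp_GetOrdersForCustomer
    @CustomerId int
AS
    SET NOCOUNT ON
    SELECT OrderId, OrderDate, Amount
    FROM dbo.Orders
    WHERE CustomerId = @CustomerId
GO
-- Only the application role may execute the procedure.
EXEC sp_addapprole 'OrderEntryApp', '<placeholder-strong-password>'
GRANT EXECUTE ON dbo.usp_GetOrdersForCustomer TO OrderEntryApp
GO
-- Review the resulting permissions before switching context.
EXEC sp_helprotect 'Orders'
EXEC sp_helprotect 'usp_GetOrdersForCustomer'
GO
-- What the primary application sends right after connecting with the
-- user's Windows credentials. Excel or Query Analyzer connecting as the
-- same user never runs this, so it has no rights on the table or procedure.
EXEC sp_setapprole 'OrderEntryApp', '<placeholder-strong-password>'
EXEC dbo.usp_GetOrdersForCustomer @CustomerId = 42
GO
```

The role password has to be available to the desktop client, so this narrows what other tools can reach rather than closing the gap, which is the limitation both answers point out.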