Solved

Securing access to MS SQL 2000 database when AD is attached as an access for primary application.

Posted on 2008-10-15
147 Views
Last Modified: 2013-12-05
We have an MS SQL Server 2000 database that we are opening to a primary application to connect via OLEDB and AD. The question is how to keep users from being able to see, read and change data in the database with other Office apps or MS utilities (i.e. Excel, Query Analyzer), through anything but the primary application.
Question by:BlackBoxVS
LVL 22

Accepted Solution

by:
dportas earned 250 total points
ID: 22730785
Is your application a web app or similar N-tier architecture? If so, then you just need to restrict access on the SQL Server port to the web server / application server only.

If it's a 2-tier desktop app on the other hand, then by definition you must allow server access from the desktop. Ultimately, that architecture is always vulnerable to access from outside your application. You can mitigate the risk by using an Application Role (see Books Online) but that is only a quite thin facade of protection.

The bottom line is that if you are relying on your desktop app to implement security then your server is insecure by design. That's one reason why enterprises who care about security tend to favour server apps and services-oriented architectures.
0
 
LVL 22

Expert Comment

by:dportas
ID: 22730850
Note that stored procedures should be used to reduce the surface area of your database. You can deny access to tables, views, etc and perform all data access through procs. On its own though, this won't stop other applications accessing those same procs.
0
 
LVL 38

Assisted Solution

by:Jim P.
Jim P. earned 250 total points
ID: 22731027
When you say AD -- you are talking Active Directory and Windows Authentication?

Essentially there is no really good way to limit what application can connect to a SQL db.

Application Roles can limit some of what they can do, but there isn't much you can do without crippling the Office apps and/or the PCs with overwhelming security.
0
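
An added example, not part of the thread or any poster's code: the application-role plus stored-procedure setup the answers above describe, written in SQL Server 2000 T-SQL. The database, Windows group, table, procedure and role names and the password placeholder are all hypothetical.

```sql
-- Added example; every object name below is hypothetical (SQL Server 2000 syntax).
USE AppDb
GO

-- Sample objects, constructed for the example. Both are owned by dbo, so the
-- procedure can read the table through ownership chaining even when the caller
-- has no permission on the table itself.
CREATE TABLE dbo.Orders (OrderID int PRIMARY KEY, Customer varchar(50), Amount money)
GO
CREATE PROCEDURE dbo.usp_GetOrders @Customer varchar(50)
AS
    SELECT OrderID, Customer, Amount FROM dbo.Orders WHERE Customer = @Customer
GO

-- The AD group gets a login and a database user, but no object permissions.
EXEC sp_grantlogin 'EXAMPLE\AppUsers'
EXEC sp_grantdbaccess 'EXAMPLE\AppUsers', 'AppUsers'
GO

-- Explicitly block direct table access for those users (Excel, Query Analyzer, ...).
DENY SELECT, INSERT, UPDATE, DELETE ON dbo.Orders TO AppUsers
GO

-- Only the application role may execute the procedure; it gets nothing on the table.
EXEC sp_addapprole 'PrimaryApp', '<app-role-password>'
GRANT EXECUTE ON dbo.usp_GetOrders TO PrimaryApp
GO

-- Session 1: a user connecting with Windows authentication from any other tool.
--   SELECT * FROM dbo.Orders        -> permission denied (DENY on AppUsers)
--   EXEC dbo.usp_GetOrders 'Acme'   -> permission denied (no EXECUTE granted)

-- Session 2: the primary application, immediately after connecting.
EXEC sp_setapprole 'PrimaryApp', '<app-role-password>'
EXEC dbo.usp_GetOrders @Customer = 'Acme'   -- allowed through the role
SELECT * FROM dbo.Orders                    -- fails: the role has no table permission
GO
```

The role password has to ship with the desktop client, so this raises the bar without closing the gap, which is why the accepted answer calls it a thin facade and prefers restricting the SQL Server port to an application server.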