Solved

Securing access to MS SQL 2000 database when AD is attached as an access for primary application.

Posted on 2008-10-15
Last Modified: 2013-12-05
We have an MS SQL Server 2000 database that we are opening to a primary application to connect via OLEDB and AD. The question is how to keep users from being able to see, read and change data in the database through other Office apps or MS utilities (i.e. Excel, Query Analyzer), or through anything but the primary application.
Question by:BlackBoxVS
LVL 22

Accepted Solution

by:
dportas earned 750 total points
ID: 22730785
Is your application a web app or similar N-tier architecture? If so, then you just need to restrict access on the SQL Server port to the web server / application server only.

If it's a 2-tier desktop app on the other hand, then by definition you must allow server access from the desktop. Ultimately, that architecture is always vulnerable to access from outside your application. You can mitigate the risk by using an Application Role (see Books Online) but that is only a quite thin facade of protection.

The bottom line is that if you are relying on your desktop app to implement security then your server is insecure by design. That's one reason why enterprises who care about security tend to favour server apps and services-oriented architectures.
0
 
LVL 22

Expert Comment

by:dportas
ID: 22730850
Note that stored procedures should be used to reduce the surface area of your database. You can deny access to tables, views, etc and perform all data access through procs. On its own though, this won't stop other applications accessing those same procs.
0
 
LVL 38

Assisted Solution

by:Jim P.
Jim P. earned 750 total points
ID: 22731027
When you say AD -- you are talking Active Directory and Windows Authentication?

Essentially there is no really good way to limit what application can connect to a SQL db.

Application Roles can limit some of what they can do, but there isn't much you can do without crippling the Office apps and/or the PCs with overwhelming security.
0
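
The arrangement the answers above describe (procedures only, no table rights for the Windows accounts, an application role for the primary application), sketched as T-SQL for SQL Server 2000. This is an added example, not code posted by any participant; the database `SalesDb` is assumed to exist, every object, group and role name is hypothetical, and the password is a placeholder.

```sql
-- Added example. Hypothetical names: SalesDb, CORP\AppUsers, OrderEntryApp,
-- dbo.Orders, dbo.usp_GetOrders. '<app-role-password>' is a placeholder.
USE SalesDb
GO
-- The Windows group may log in and enter the database, nothing more.
EXEC sp_grantlogin 'CORP\AppUsers'
EXEC sp_grantdbaccess 'CORP\AppUsers', 'AppUsers'
GO
CREATE TABLE dbo.Orders (
    OrderID    int IDENTITY PRIMARY KEY,
    CustomerID int   NOT NULL,
    Amount     money NOT NULL
)
GO
-- All data access goes through procedures. Table and procedure share the
-- owner (dbo), so ownership chaining lets the procedure read the table
-- without the caller holding any table permission.
CREATE PROCEDURE dbo.usp_GetOrders @CustomerID int
AS
    SELECT OrderID, Amount FROM dbo.Orders WHERE CustomerID = @CustomerID
GO
-- Direct table access is denied to the users' own identities, which is
-- what Excel or Query Analyzer connect with under Windows Authentication.
DENY SELECT, INSERT, UPDATE, DELETE ON dbo.Orders TO AppUsers
GO
-- Only the application role may execute the procedure.
EXEC sp_addapprole 'OrderEntryApp', '<app-role-password>'
GRANT EXECUTE ON dbo.usp_GetOrders TO OrderEntryApp
GO

-- ---- Separate connection: the primary application, right after connecting ----
-- sp_setapprole must be called directly, not from a procedure or transaction.
-- From here on the connection has the role's permissions, not the user's.
EXEC sp_setapprole 'OrderEntryApp', '<app-role-password>'
EXEC dbo.usp_GetOrders @CustomerID = 42   -- succeeds
SELECT * FROM dbo.Orders                  -- fails: role has no table permission

-- ---- Separate connection: same Windows user from Excel / Query Analyzer ----
-- No sp_setapprole call, so both statements fail:
--   EXEC dbo.usp_GetOrders @CustomerID = 42   (no EXECUTE granted to AppUsers)
--   SELECT * FROM dbo.Orders                  (explicit DENY)
-- Limitation: in a 2-tier app the role password ships with the client, so
-- the role separates identities only as long as that password stays secret.
```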
