Urgent Crystal Report ODBC SQL 2005 connection problem
Posted on 2012-09-18
Hello all Experts...
I am facing a serious problem with Crystal Report using ODBC connection to access SQL server 2005.
I have written a VB.net 2003 application which will call the Crystal Report object to display a report.
When the crystal report object was called, it will then connection to a remote SQL 2005 server using the ODBC which already setup on the client machine.
The ODBC is using "sa" account to login to SQL 2005 with namedpipe connection.
The client machine is under a domain login, with the domain user account having domain admin rights enabled.
Everything works fine in the above setting.
However this also give a risk that this domain user can simply connection to the SQL server by using "windows authorization" mode (without any login needed!!!) in SQL management studio from the client machine, and all the data from the whole database will also be visible to them!!!!!
Now I have tried to remove the domain admin rights from the client user account, but this make the report failed to connect when calling the ODBC, even through I am sure that the ODBC is set to be using "sa" login, but NOT windows authorization mode.
I have also tried to disable the right to connect the SQL for this domain user in SQL 2005, and it still having the same problem....ODBC will then failed to connect.
Can any expert here can help me out to solve this security problem ?