Hi CodeCruiser, how do I then disable Windows authentication? I don't want the Windows user to have access to the database.
David Johnson, CD
A normal user doesn't have access with Windows integrated authentication unless the person that installs or maintains the database server gives them access. SQL Server has granular access. Quick read on SQL Security
koossa
ASKER
What I'm currently doing is installing SQL Server with an SA password, e.g. 'Password1'.
Then, before I create my tables, I first change the SA password:
ALTER LOGIN sa WITH PASSWORD = 'Password2' OLD_PASSWORD = 'Password1';
But the problem is, when I log in to the database using Windows Authentication with SQL Server Management Studio, I cannot see any tables that I have created using the sa account, but when I go to 'Security' and 'Logins', go to the Windows user and change its 'user mappings' to all the databases, then the Windows user is able to view and edit all my tables, and I don't want any user to get access to these tables because my application's licensing detail is saved in the database.
Only the 'sa' account must be able to view/modify the data.
SA gives the attacker a known item, the username SA; now it's brute-force password time.
Every so often I go through my SQL Server security logs, and I see hundreds of attempts using SA on port 1433 which doesn't exist in my domain.
What ROLE did you give that user?
db_denydatareader: Members can’t view data within the database.
db_denydatawriter: Members can’t change or delete data in tables or views.
What happens if there is already a copy of SQL Server running on the client's system? What does your installer do then? Add another instance? Or just add a database to the existing server? Or add to master.dbf?
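Added example, not part of the original thread: one way to apply the two deny roles named above to a mapped Windows user and then audit who can still reach the data. The database name LicensingDb and the login MACHINE\AppUser are hypothetical placeholders, and the ALTER ROLE ... ADD MEMBER syntax assumes SQL Server 2012 or later.

```sql
-- Hypothetical names: replace LicensingDb and MACHINE\AppUser with your own.
-- The Windows login must already exist at the server level.
USE [LicensingDb];
GO

-- Map the login to a database user if it is not mapped yet.
IF NOT EXISTS (SELECT 1 FROM sys.database_principals
               WHERE name = N'MACHINE\AppUser')
    CREATE USER [MACHINE\AppUser] FOR LOGIN [MACHINE\AppUser];
GO

-- Explicitly block reads and writes for that user.
ALTER ROLE db_denydatareader ADD MEMBER [MACHINE\AppUser];
ALTER ROLE db_denydatawriter ADD MEMBER [MACHINE\AppUser];
GO

-- Audit 1: every database user and the database roles it belongs to.
-- Look for unexpected members of db_owner, db_datareader or db_datawriter.
SELECT m.name      AS member_name,
       m.type_desc AS member_type,
       r.name      AS role_name
FROM sys.database_role_members AS drm
JOIN sys.database_principals   AS r ON r.principal_id = drm.role_principal_id
JOIN sys.database_principals   AS m ON m.principal_id = drm.member_principal_id
ORDER BY m.name, r.name;

-- Audit 2: server logins in the sysadmin role.
-- Permission checks, including DENY, are bypassed for these logins.
SELECT sp.name        AS login_name,
       sp.type_desc   AS login_type,
       sp.is_disabled
FROM sys.server_role_members AS srm
JOIN sys.server_principals   AS r  ON r.principal_id  = srm.role_principal_id
JOIN sys.server_principals   AS sp ON sp.principal_id = srm.member_principal_id
WHERE r.name = N'sysadmin'
ORDER BY sp.name;
```

The deny roles only constrain ordinary users; any Windows account or group that appears in the second result set can read and change every table regardless of its database role membership.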
koossa
ASKER
I install my own unique instance with a unique instance name.
Yes, I can do that, but I thought SQL Server's security would be adequate?
The problem is there is a lot of sensitive data in the database that I don't want the user to access.