Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Using AD authentication on web application to access database

Posted on 2014-02-04
5
Medium Priority
?
239 Views
Last Modified: 2014-02-23
Hi All,

We have a web application which never used user AD authentication. We will be implementing auditing software which requires users to use their AD authentication.

Our database developer is worried that if we start using AD authentication and if the user has any query analyzer tools then we would have a security vulnerability.

Is there anything or way we can have users access the database but not allow them to use query analyzer tools?

Any help would be greatly appreciated.

Thanks
0
Comment
Question by:skyjumperdude
  • 3
  • 2
5 Comments
 
LVL 16

Expert Comment

by:Surendra Nath
ID: 39833905
The easiest way is a firewall,

Allow only the IP of your webserver only to pass through the SQL Server, and block all other IP's.

Now if a user wants to connect to the server from his machine, he will not be able to as the network will not be established in the first place, although he will be able to login.
0
 
LVL 1

Author Comment

by:skyjumperdude
ID: 39833978
Our web app server is in DMZ and the database is on internal Lan. Majority of the users will be accessing from internal lan. Our dba developer is worried that the users might be able to access the db through any query analyzer or other tools to pull out sensitive data.
0
 
LVL 16

Expert Comment

by:Surendra Nath
ID: 39834024
Ok, where ever you web server, your data should be accessed only through the web server right, but not through query analyzer for any user (not the dba's of course).

if that is the case, then as I said earlier, allow only the IP address of your webserver to connect to this SQL Server machine (windows machine).

As the all other users will have different IP's they will not be able to connect to the server at all in the first place.

Even a query analyzer internally will send a tcp/ip message with its IP, if the IP is not allowed by the server the query analyzer gives the message saying cannot connect.
0
 
LVL 1

Accepted Solution

by:
skyjumperdude earned 0 total points
ID: 39868107
Our web portal is for internal users so the traffic isn't even going through the firewall.

We have contacted MS for more info on this and There might be a way to secure it from SQL server.
0
 
LVL 1

Author Closing Comment

by:skyjumperdude
ID: 39880388
MS is helping us to secure it from SQL server side as the traffic isn't going through our firewall.
0

Featured Post

Managing Security & Risk at the Speed of Business

Gartner Research VP, Neil McDonald & AlgoSec CTO, Prof. Avishai Wool, discuss the business-driven approach to automated security policy management, its benefits and how to align security policy management with business processes to address today's security challenges.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Windocks is an independent port of Docker's open source to Windows.   This article introduces the use of SQL Server in containers, with integrated support of SQL Server database cloning.
Microsoft Access has a limit of 255 columns in a single table; SQL Server allows tables with over 255 columns, but reading that data is not necessarily simple.  The final solution for this task involved creating a custom text parser and then reading…
Using examples as well as descriptions, and references to Books Online, show the documentation available for date manipulation functions and by using a select few of these functions, show how date based data can be manipulated with these functions.
Wufoo.com provides powerful tools for surveying targeted groups, and utilizing data from completed surveys to find trends, discover areas of demand or customer expectation, and make business decisions on products or services.
Suggested Courses

572 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question