Solved

Security for SQL and Web Connections

Posted on 2014-02-10
5
260 Views
Last Modified: 2014-02-12
I currently have a Public facing Web server that has multiple Web sites two of the Web sites need access to the SQL Database Server on my local network. Currently I have a firewall rule that allows the web server to communicate to the SQL Server through the SQL ports but this is managed by the IP addresses of the SQL Server and The Web Server. The problem with is the web server has access to the complete SQL Server on the ports open for SQL. Is there a way to have individual web sites only have access to individual database on the SQL SERVER?

Thanks
0
Comment
Question by:ahmad1467
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 5

Expert Comment

by:Leon Kammer
ID: 39848248
Hi,

Using SQL authentication, the individual databases can be locked down to a specific user.

Cheers

Leon
0
 
LVL 23

Expert Comment

by:Patrick Bogers
ID: 39848249
Of course, they are called connection strings where you define a username/ password database etc.
This sql user only has rights to the database defined, nothing else.
0
 

Author Comment

by:ahmad1467
ID: 39848432
Thanks
 I under that I can lock down users to individual DB but I guess what I’m really looking for is to lock down Individual Websites to individual Databases.

Thanks
0
 
LVL 5

Assisted Solution

by:Leon Kammer
Leon Kammer earned 250 total points
ID: 39848445
Hi,

you can create a user, set the user's permissions in the DB, and then alter the connection string within the website to connect to the SQL server.

This is generally housed in the web.config file.
0
 
LVL 16

Accepted Solution

by:
Surendra Nath earned 250 total points
ID: 39851614
Yes, You can....

in order to accomplish this you have to create two SQL Logins
Let us say ABC, XYZ are the login names.....

Now for ABC assing the DB Reader role in the Database ABC_DB and remove the DBReader role in XYZ_DB....

and do viceversa for XYZ.... this will accomplish what you are looking for

you can use SP_dropRole, and SP_addRole inorder to accomplish this

http://technet.microsoft.com/en-us/library/ms189121.aspx
0

Featured Post

Edgartown IT Case Study

Learn about Edgartown's quest to ensure the safety and security of the entire town's employee and citizen data. Read the case study!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Substring works but need to tweak it 14 35
Help to debug powershell script 5 58
T-SQL: need to reset a declared variable 4 33
Enable TLS 1.2 for SQL 2012 Web Edition 1 25
In this article I will describe the Copy Database Wizard method as one possible migration process and I will add the extra tasks needed for an upgrade when and where is applied so it will cover all.
Ever needed a SQL 2008 Database replicated/mirrored/log shipped on another server but you can't take the downtime inflicted by initial snapshot or disconnect while T-logs are restored or mirror applied? You can use SQL Server Initialize from Backup…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

710 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question