Solved

sql server - server level logins for apps

Posted on 2014-04-10
3
442 Views
Last Modified: 2014-04-29
is it common for applications with an underlying sql server database, to have a high number of server level logins for users of the application? Or can this be seen as a security issue? I am not a developer so unsure how the applicaiton and underlying DB typically interact.
0
Comment
Question by:pma111
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 30

Accepted Solution

by:
Rich Weissler earned 500 total points
ID: 39992731
'High number' is relative.  

When you say server level logins, you mean actual login credentials that exist to allow users to authenticate, and permit database users to be associated?

I don't see many applications which establishes a sql login per user of the application.   I can only think of one application I currently support that does this, and it's been limping along for decades, and will be end of life in 2017.  I'd be surprised to see another application do this, but in some ways it's more secure than some of the other security systems I've seen implemented.  (It is, however, a support challenge, and means that support of the application will require some database server role that I would prefer not to have to hand out.)

Slightly more frequently, an application will take advantage of Windows Integrated (Active Directory) credentials, and I can put a domain group in SQL security, the user can only access the database if they are in the correct group -- then the application has it's own internal authentication system internal to the application.  

Most frequently, I see a web based application which gets a small group of login/users, and the application takes care of all the actual user authentication completely invisibly to SQL.  (And in this case, I have to settle for a login who can read/write to necessary tables, a different login which is only used for updating the schema, and if I'm lucky - a third login which can only read some necessary tables.)   (Tragically, I frequently see third party applications which expect to install it's database as sysadmin, and run all it's communication from it's web application as sysadmin.  My server admins enjoy watching my hair stand up on end when vendors mention that this how their software installs...)

Does that help?  Or did I go off in the wrong direction?
0
 
LVL 3

Author Comment

by:pma111
ID: 39992748
Great help thanks
0
 
LVL 3

Author Comment

by:pma111
ID: 39993590
?>>When you say server level logins, you mean actual login credentials that exist to allow users to authenticate, and permit database users to be associated?


Yep, anything listed in sys.syslogins
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Occasionally there is a need to clean table columns, especially if you have inherited legacy data. There are obviously many ways to accomplish that, including elaborate UPDATE queries with anywhere from one to numerous REPLACE functions (even within…
Ever wondered why sometimes your SQL Server is slow or unresponsive with connections spiking up but by the time you go in, all is well? The following article will show you how to install and configure a SQL job that will send you email alerts includ…
Via a live example, show how to set up a backup for SQL Server using a Maintenance Plan and how to schedule the job into SQL Server Agent.
Via a live example, show how to setup several different housekeeping processes for a SQL Server.

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question