Solved

sql server - server level logins for apps

Posted on 2014-04-10
3
432 Views
Last Modified: 2014-04-29
is it common for applications with an underlying sql server database, to have a high number of server level logins for users of the application? Or can this be seen as a security issue? I am not a developer so unsure how the applicaiton and underlying DB typically interact.
0
Comment
Question by:pma111
  • 2
3 Comments
 
LVL 29

Accepted Solution

by:
Rich Weissler earned 500 total points
ID: 39992731
'High number' is relative.  

When you say server level logins, you mean actual login credentials that exist to allow users to authenticate, and permit database users to be associated?

I don't see many applications which establishes a sql login per user of the application.   I can only think of one application I currently support that does this, and it's been limping along for decades, and will be end of life in 2017.  I'd be surprised to see another application do this, but in some ways it's more secure than some of the other security systems I've seen implemented.  (It is, however, a support challenge, and means that support of the application will require some database server role that I would prefer not to have to hand out.)

Slightly more frequently, an application will take advantage of Windows Integrated (Active Directory) credentials, and I can put a domain group in SQL security, the user can only access the database if they are in the correct group -- then the application has it's own internal authentication system internal to the application.  

Most frequently, I see a web based application which gets a small group of login/users, and the application takes care of all the actual user authentication completely invisibly to SQL.  (And in this case, I have to settle for a login who can read/write to necessary tables, a different login which is only used for updating the schema, and if I'm lucky - a third login which can only read some necessary tables.)   (Tragically, I frequently see third party applications which expect to install it's database as sysadmin, and run all it's communication from it's web application as sysadmin.  My server admins enjoy watching my hair stand up on end when vendors mention that this how their software installs...)

Does that help?  Or did I go off in the wrong direction?
0
 
LVL 3

Author Comment

by:pma111
ID: 39992748
Great help thanks
0
 
LVL 3

Author Comment

by:pma111
ID: 39993590
?>>When you say server level logins, you mean actual login credentials that exist to allow users to authenticate, and permit database users to be associated?


Yep, anything listed in sys.syslogins
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Suggested Solutions

Occasionally there is a need to clean table columns, especially if you have inherited legacy data. There are obviously many ways to accomplish that, including elaborate UPDATE queries with anywhere from one to numerous REPLACE functions (even within…
How to leverage one TLS certificate to encrypt Microsoft SQL traffic and Remote Desktop Services, versus creating multiple tickets for the same server.
Via a live example, show how to set up a backup for SQL Server using a Maintenance Plan and how to schedule the job into SQL Server Agent.
Viewers will learn how to use the SELECT statement in SQL to return specific rows and columns, with various degrees of sorting and limits in place.

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now