• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 473
  • Last Modified:

sql server - server level logins for apps

is it common for applications with an underlying sql server database, to have a high number of server level logins for users of the application? Or can this be seen as a security issue? I am not a developer so unsure how the applicaiton and underlying DB typically interact.
  • 2
1 Solution
Rich WeisslerProfessional Troublemaker^h^h^h^h^hshooterCommented:
'High number' is relative.  

When you say server level logins, you mean actual login credentials that exist to allow users to authenticate, and permit database users to be associated?

I don't see many applications which establishes a sql login per user of the application.   I can only think of one application I currently support that does this, and it's been limping along for decades, and will be end of life in 2017.  I'd be surprised to see another application do this, but in some ways it's more secure than some of the other security systems I've seen implemented.  (It is, however, a support challenge, and means that support of the application will require some database server role that I would prefer not to have to hand out.)

Slightly more frequently, an application will take advantage of Windows Integrated (Active Directory) credentials, and I can put a domain group in SQL security, the user can only access the database if they are in the correct group -- then the application has it's own internal authentication system internal to the application.  

Most frequently, I see a web based application which gets a small group of login/users, and the application takes care of all the actual user authentication completely invisibly to SQL.  (And in this case, I have to settle for a login who can read/write to necessary tables, a different login which is only used for updating the schema, and if I'm lucky - a third login which can only read some necessary tables.)   (Tragically, I frequently see third party applications which expect to install it's database as sysadmin, and run all it's communication from it's web application as sysadmin.  My server admins enjoy watching my hair stand up on end when vendors mention that this how their software installs...)

Does that help?  Or did I go off in the wrong direction?
pma111Author Commented:
Great help thanks
pma111Author Commented:
?>>When you say server level logins, you mean actual login credentials that exist to allow users to authenticate, and permit database users to be associated?

Yep, anything listed in sys.syslogins
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Build your data science skills into a career

Are you ready to take your data science career to the next step, or break into data science? With Springboard’s Data Science Career Track, you’ll master data science topics, have personalized career guidance, weekly calls with a data science expert, and a job guarantee.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now