Locking Database

  • How should I lock the database so that programmers/users accessing the database have restrictions as per the logins through which they are accessing the database? Moreover, to reduce the hacking of the database.

  • Set up NT groups and make the groups READ-ONLY with EXEC to stored-procedures ONLY if you want to lock down the system completely.  This way the stored-procedures which are reviewed (by DBA) and approved are not runaways.

    Also (something that we should all do but unfortunately don't), change the sa password on a regular basis and DON'T write it down or share it with someone who shouldn't have it.  You will find out REAL fast who has it when they start screaming.

    Good Hunting!

    AJ Ahrens


    webmaster@kritter.net

  • Read up on Permissions in SQL Books Online.

    You'll need to take away the permissions of users (which can be set in the server, or database, or object).

    DEFINITELY do it using NT Groups rather than individual users, otherwise you will continually have to change things for individual users / new users / etc.


    Julian Kuiters
    juliankuiters.id.au

  • Do you need to support SQL Logins or do all users authenticate using either their NT credentials or that of an IIS service account?  If so, you should put the server in “Windows Only” mode.  This would help to mitigate the SA password vulnerability.

    Also, I would take the idea of creating Logins based on NT User Groups one step further and add database roles.  Add database roles; assign the NT Group logins to the roles, and GRANT permissions to the database roles.  This may seem redundant, but that way if you ever do have to support mixed mode authentication in the future, it would be a simple matter of creating the SQL Logins and adding them to the appropriate database roles.

    Corie Curcillo
    MCT, MCDBA, MCSD
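
The layout the replies above describe (NT group login, database role, EXEC-only grant on a reviewed stored procedure), as an added T-SQL example that is not part of any poster's message. The database, Windows group, table, procedure and role names are placeholders, and the syntax assumes SQL Server 2012 or later.

```sql
-- Added example. Placeholder names (assumptions, not from the thread):
--   SalesDb, CONTOSO\SalesReaders, dbo.Orders, dbo.usp_GetOrders, sales_reader
USE SalesDb;
GO
-- Sample objects so the script is self-contained.
CREATE TABLE dbo.Orders (OrderId int PRIMARY KEY, Customer nvarchar(50));
GO
CREATE PROCEDURE dbo.usp_GetOrders
AS
    SELECT OrderId, Customer FROM dbo.Orders;
GO
-- 1. One server login for the NT group, not one per person.
CREATE LOGIN [CONTOSO\SalesReaders] FROM WINDOWS;
GO
-- 2. Map the group login to a database user.
CREATE USER [CONTOSO\SalesReaders] FOR LOGIN [CONTOSO\SalesReaders];
-- 3. Permissions hang off a database role; the group is only a member.
--    A SQL login added later just joins the same role.
CREATE ROLE sales_reader;
ALTER ROLE sales_reader ADD MEMBER [CONTOSO\SalesReaders];
-- 4. EXECUTE on the reviewed procedure only. No grant on dbo.Orders:
--    table and procedure share an owner (dbo), so ownership chaining
--    lets the procedure read the table without the role holding SELECT.
GRANT EXECUTE ON OBJECT::dbo.usp_GetOrders TO sales_reader;
GO
-- 5. Review: what the role has been granted.
SELECT pr.name AS grantee, pe.state_desc, pe.permission_name,
       OBJECT_SCHEMA_NAME(pe.major_id) + N'.' + OBJECT_NAME(pe.major_id) AS object_name
FROM sys.database_permissions AS pe
JOIN sys.database_principals AS pr
  ON pr.principal_id = pe.grantee_principal_id
WHERE pr.name = N'sales_reader' AND pe.class_desc = N'OBJECT_OR_COLUMN';
-- 6. Review: who is in the role.
SELECT r.name AS role_name, m.name AS member_name, m.type_desc
FROM sys.database_role_members AS rm
JOIN sys.database_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.database_principals AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = N'sales_reader';
-- 7. Review: 1 means the server accepts Windows authentication only.
SELECT SERVERPROPERTY('IsIntegratedSecurityOnly') AS windows_only_mode;
```

Run it as a login that can create logins and database objects; the Windows group must already exist in the domain for step 1 to succeed.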
