May 8, 2009 at 9:59 am
Hi All,
I have a bit of a problem with SQL security. At the moment we have web applications which connect to a database, and SQL logins have been created for this. But what I often find is that users also use this password to connect to the database as well; this defeats the purpose of having the login in the first place if the dev guys know what it is.
Is there any way around this problem in SQL 2005?
Also, I have heard about application logins in SQL 2000; I’m not sure if this is ancient now or whether it's still rolling. Any input would be greatly appreciated here.
Thanks.
May 8, 2009 at 10:12 am
Application logins require a password from the code (or app), and unless you can prevent the devs from knowing this, it doesn't help.
The way to handle this is to not let the developers have access to the production SQL Server or web server. They shouldn't need it. Let a third party deploy the app and set the pwd then.
I'd also handle this administratively, as in your boss walking to a developer's desk and letting him know he can stop connecting directly or find another job.
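
To see whether the application's SQL login is being used from somewhere other than the web servers, as described in the question, a query over the SQL Server 2005 session DMVs can be run as a check (an added example, not part of either post above). The login name `WebAppLogin` and the client addresses are placeholders to replace with your own, and the caller needs VIEW SERVER STATE permission.

```sql
-- Added example; the login name and addresses below are constructed placeholders.
DECLARE @AppLogin sysname;
SET @AppLogin = N'WebAppLogin';   -- hypothetical application SQL login

-- Addresses the web application is expected to connect from (sample values).
DECLARE @ExpectedClients TABLE (client_net_address varchar(48) PRIMARY KEY);
INSERT INTO @ExpectedClients VALUES ('10.0.0.11');
INSERT INTO @ExpectedClients VALUES ('10.0.0.12');

-- Current sessions under the application login that do not come from an
-- expected address, e.g. a developer workstation reusing the app password.
SELECT  s.session_id,
        s.login_time,
        s.login_name,
        c.client_net_address,   -- reported by the server; '<local machine>' for local connections
        s.host_name,            -- client-supplied, can be set in the connection string
        s.program_name          -- client-supplied, e.g. a query tool's name
FROM    sys.dm_exec_sessions AS s
JOIN    sys.dm_exec_connections AS c
        ON c.session_id = s.session_id
WHERE   s.is_user_process = 1
  AND   c.parent_connection_id IS NULL   -- one row per session when MARS is in use
  AND   s.login_name = @AppLogin
  AND   NOT EXISTS (SELECT 1
                    FROM   @ExpectedClients AS e
                    WHERE  e.client_net_address = c.client_net_address)
ORDER BY s.login_time;
```

The result is a point-in-time snapshot, so it only shows sessions open when it runs. Filter on `client_net_address` rather than `host_name` or `program_name`, since the latter two are whatever the client chooses to send.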