Preventing Access to SQL Data from MS Excel

  • Hi,

    Does anyone know how to inhibit MS Excel so that a user can't use it to access and manipulate SQL Server data should they get hold of credentials to allow them to connect?

    Many thanks.

     

  • I would be curious about this scenario as well.  I have a case where MS Access is being used to access SQL Server in order to download information for an ancient Oracle program.  At the minute the user has limitations (via SQL Server) to what he can access.

    I would like to know how and if I can restrict access even more.

     

    Madame Artois

  • SQL Server security is based on logins, not programs.  To prevent unauthorized access to databases, no matter what program is used, restrict the access to only those logins that need it and grant them only the permissions needed.

    Greg

    Greg

  • Hi Greg:

    Thanks.  I knew that reply was coming.  I would like to set that aside, and still pursue the question. 

    This is about denying people the ability to use tools to hack into the database.  Excel and MS Access (as S. Hodkinson raised) are very friendly in that capacity should someone find a vulnerability. 

    Thanks.

  • Your only trouble is that the server doesn't really know what application is accessing it, it only receives sql. I would imagin that if anyone wanted to cause some trouble there would be better applications that were wrote to do this. I can imagin a simple sql script run through t-sql that dumps the data from each table to a large text file that can be shipped else where, the user could probaly find one on the internet.

    That being said, if this is a corporate network, could you just remove the database connectivity features from excel if they are a seperate install option?

  • Hello Chris:

    Thanks.  It's the second part of your response that's more interesting, and more to the point of what I'm looking for.  I'm not considering other applications that can access or manipulate data; just the ones intrinsic to a typical office setting (basically Microsoft Office). 

    The great thing about the Microsoft products is their connectivity and versatility, but that's also one of their greatest problems from a security point of view. So again...does anyone know how to ensure that these applications (as well meaning as they are) cannot be used to access nd manipulate SQL data?

    Thanks.

Viewing 6 posts - 1 through 5 (of 5 total)

You must be logged in to reply to this topic. Login to reply