DDL TRIGGER SQL SERVER 2000

Question

DDL TRIGGER SQL SERVER 2000

hemdbya

SSChasing Mays

Points: 647
More actions
April 20, 2011 at 8:07 am

#96199

Hi experts,
Is there any way to restrict 'client host' to connect to SQL SERVER, in SS 2000.
I know in 2005, 2008 we have logon trigger. also we can block through firewall.
But is there any way by which we can restrict the clients.
हेमडब्या

Viewing 6 posts - 1 through 5 (of 5 total)

You must be logged in to reply to this topic. Login to reply

GSquared SSC Guru Points: 260824 More actions · Answer 1

I'd do that with the firewall, not in SQL Server. That's what firewalls are for.

- Gus "GSquared", RSVP, OODA, MAP, NMVP, FAQ, SAT, SQL, DNA, RNA, UOI, IOU, AM, PM, AD, BC, BCE, USA, UN, CF, ROFL, LOL, ETC
Property of The Thread

"Nobody knows the age of the human race, but everyone agrees it's old enough to know better." - Anon

Steve Jones - SSC Editor SSC Guru Points: 736212 More actions · Answer 2

What do you mean with client_host? do you mean the host name sent through the connection? That's completely arbitrary. It defaults to the windows host, but someone can fake that. It's not something to depend on.

Are you trying to be sure that a valid user only connects from certain workstations?

hemdbya SSChasing Mays Points: 647 More actions · Answer 3

i mean to say host machine where sql client is installed ..which entry i can found in sysprocesses. i want to restrict such clients. So that if anyhow they manage to get the server login credentials ..they should not able to connct to my production server directly.

हेमडब्या

Steve Jones - SSC Editor SSC Guru Points: 736212 More actions · Answer 4

That data sent by the client can be spoofed. You cannot count on those values in sysprocesses as they are provided by the client. There is no authentication here.

If you are trying to prevent someone from connecting from a specific machine, and if that machine is not using DHCP, you can firewall them out.

However SQL 2000 does not have a way to check on connection and prevent from a particular client with valid credentials from connecting. You can potentially run a job that will disconnect people, but that would be running every minute, not continuously.

GSquared SSC Guru Points: 260824 More actions · Answer 5

I would say the better solution is to properly protect the server login credentials.

- Gus "GSquared", RSVP, OODA, MAP, NMVP, FAQ, SAT, SQL, DNA, RNA, UOI, IOU, AM, PM, AD, BC, BCE, USA, UN, CF, ROFL, LOL, ETC
Property of The Thread

"Nobody knows the age of the human race, but everyone agrees it's old enough to know better." - Anon