Logins for applications in SQL2005 across the web

  • Glad I could help. @=)

    Brandie Tarvin, MCITP Database Administrator. LiveJournal Blog: http://brandietarvin.livejournal.com/. On LinkedIn!, Google+, and Twitter. Freelance Writer: Shadowrun. Latchkeys: Nevermore, Latchkeys: The Bootleg War, and Latchkeys: Roscoes in the Night are now available on Nook and Kindle.

  • You should also ask the developer about permissions required by the app(s) as this will dictate how tightly you can secure the logins. There really shouldn't be any need to connect with more than db_datareader, db_datawriter and exec permissions on procs; if that is not the case then the exceptions should be documented.

  • matt stockham (4/21/2009)


    You should also ask the developer about permissions required by the app(s) as this will dictate how tightly you can secure the logins. There really shouldn't be any need to connect with more than db_datareader, db_datawriter and exec permissions on procs; if that is not the case then the exceptions should be documented.

    Again, this was my line of thinking. The db_datawriter & db_reader give the 'users' that are external to the domain all the rights that I believe they currently have (i.e. right to connect, add, delete, modify, etc.).

  • :w00t:

  • Danb7183 (4/22/2009)

    The db_datawriter & db_reader gives the 'users' that are external to the domain all the rights that I believe they currently have (i.e. right to connect, add, delete, modify etc)

    Depends on what's being deleted or modified. If it's just data, then you are correct. If it's objects, constraints, etc, or if they're executing stored procedures, there may be more permissions required.

    Especially if they are executing Procs & Functions. You might consider creating roles that have Execute permissions on specific schemas or specific sets of Procs/Functions that you make the app's user login a member of. Otherwise, they can read & write data fine but they won't necessarily be able to execute the stuff needed to do the job.

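The role-per-schema approach suggested in the post above, as an added example that is not from any poster in the thread. All names (AppDb, WebAppLogin, WebAppUser, the app schema, AppExecutor) are hypothetical, and the syntax is kept to what SQL Server 2005 supports.

```sql
-- Added example; every object name here is hypothetical.
USE AppDb;
GO
-- Schema holding only the procs/functions the web app is meant to call.
CREATE SCHEMA app AUTHORIZATION dbo;
GO
-- SQL login for the app, since its users are external to the domain.
CREATE LOGIN WebAppLogin
    WITH PASSWORD = '<placeholder-strong-password>', CHECK_POLICY = ON;
CREATE USER WebAppUser FOR LOGIN WebAppLogin;
GO
-- Role that can execute objects in the app schema and nothing else.
CREATE ROLE AppExecutor AUTHORIZATION dbo;
GRANT EXECUTE ON SCHEMA::app TO AppExecutor;
GO
-- sp_addrolemember is the SQL Server 2005 way to add role members.
EXEC sp_addrolemember 'AppExecutor',   'WebAppUser';
EXEC sp_addrolemember 'db_datareader', 'WebAppUser';
EXEC sp_addrolemember 'db_datawriter', 'WebAppUser';
GO
-- If the app only ever calls procs in the app schema, and those procs and
-- the tables they touch share an owner, ownership chaining lets the procs
-- run without table permissions, so the two fixed roles above could be
-- dropped once the developer confirms there is no ad hoc SQL.

-- Check the effective permissions by impersonating the app user.
EXECUTE AS USER = 'WebAppUser';
SELECT HAS_PERMS_BY_NAME('app', 'SCHEMA', 'EXECUTE')            AS can_exec_app,
       HAS_PERMS_BY_NAME('dbo', 'SCHEMA', 'EXECUTE')            AS can_exec_dbo,
       HAS_PERMS_BY_NAME(DB_NAME(), 'DATABASE', 'CREATE TABLE') AS can_create_table;
REVERT;
GO
-- Record of role memberships, for documenting any exceptions.
SELECT r.name AS role_name, m.name AS member_name
FROM sys.database_role_members AS drm
JOIN sys.database_principals AS r ON r.principal_id = drm.role_principal_id
JOIN sys.database_principals AS m ON m.principal_id = drm.member_principal_id
WHERE m.name = 'WebAppUser';
```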

  • Hi, with VB.NET apps I think it is better, for your company's security, to control access to your site with app users, not with DB users. And you can program a monitoring app into your site to control it. Also, your boss can task you to monitor the app from his home. Then you will need VPN, secure communications, etc. But the principal part of this project, and it's only my opinion, is the control from the web. The DB must be secure from external access.

    Thanks
