November 13, 2008 at 7:20 pm
We are migrating a set of web applications to a new 2008 SQL Server. With this change we are beginning to enforce that our developers have read only access to the server with their AD account. However, due to their knowledge of how their web applications access the database, they could easily login to our servers via those accounts.
Are there any easy ways to monitor who is logging on and where it originates from?
Thanks!
November 14, 2008 at 6:55 am
If you are using SQL Authentication, there is not much you can do. You can trace the login events, but most parts of a connection string can be modified including the application name and host so there is not really a way to ensure the connection information is not lying to you.
If you are using windows authentication for everything, AD can do some work for you. Assuming the developers cannot rdp into the application servers, you can specify in AD that your service accounts can only authenticate on the application servers so your developers would not be able to get a kerberos ticket on their local workstations.
Viewing 2 posts - 1 through 1 (of 1 total)
You must be logged in to reply to this topic. Login to reply