Setting up SQL only for the internet
-
I am currently switsching from Access to SQL server 2000. The SQL server 2000 wil run under windows 2003 and this database is only used for the internet (VBscript + ASP)
I read somewhere the standard dbo user should not be used for the internet. What should I do then? What are the minimum rights I need to give to the 'new user'? Should I delete the dbo user completely?
Thanks for your help!!
-
This is a topic that's not really going to be answerable in a forum post. But basically here's what you do.
You determine the minimum rights the web application needs. Where possible you drive all access through stored procedures. You create a user-defined database role that has those permissions and nothing more. Create a SQL Server login for the web application. Give that login access to the database as a user. Make that a user a member of your user-defined role.
DBO is always going to be present, but you just ensure the web application isn't using an account with those kinds of rights.
K. Brian Kelley
@kbriankelley -
Fantastic! This is the info I needed. Thanks Brian!
Viewing 3 posts - 1 through 2 (of 2 total)
You must be logged in to reply to this topic. Login to reply