What login should I use to give company wide read access to a database?

  • Hi,

    In the past I have always used a SQL Server user to provide access to all staff via web application. The web application uses integrated authentication mode. So the web application is the security gateway, so to speak, once user is authenticated they can have access to the database via the web.

    Is this still the norm or am I behind in security?

    Reason I ask is, my company is now looking to deploy a web application that will be accessible from beyond the firewall, talking to a database inside the firewall (we never do this before). So I want to make sure I have an acceptable level of security on the database side. The web application, again will use integrated authentication mode. But what about on the database side? Should I use Windows authentication? If yes, what login should I use? BUILTIN\Users? NT AUTHORITY\Authenticated Users? <<SERVER NAME>>\Authenticated Users? Or do I stick with a SQL Server user with strong password?

    Many thanks in advance for your response.


    Urbis, an urban transformation company

  • I would use BUILTIN\Users. NT Authority\Authenticated Users could include accounts local to the server that aren't in Users.

    Best would be *Domain*\Domain Users if you're a single domain. This would ensure only domain accounts can come in to the database.

    K. Brian Kelley
    @kbriankelley

  • Thanks for your reply. We have 4 domains but that's small enough to manage. I will use the Domain Users then. Thanks again for your help.


    Urbis, an urban transformation company

Viewing 3 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic. Login to reply