Monday, February 20, 2012

Preventing unauthorized access

I am building a Windows Forms VB .NET project that connects to an SQL Server database. The problem we have is that since we are using Windows-based authentication, anyone with Access or even Excel can connect to the SQL Server and fiddle with the data.

I looked into application roles but using this we lose flexibility for giving (or removing) rights from specific users.

This problem wouldn't exist if we were building web apps, as we could set things up in a way the web server would be the only one to connect to the database.

What do people use in enterprises to prevent users from connecting to databases with unauthorized apps?

Thanks in advance.

Use only stored procedures to access the database in your application. Do not grant any permissions on tables or views to users; only grant permissions on stored procedures. This will effectively block access to the database from any source except your application (or a keen user who knows how to properly call the stored procedures).

"/dev/null" <anonymous@.discussions.microsoft.com> wrote in message news:4AD3A344-840C-47B4-A9DE-9968BF748D0C@.microsoft.com...
> I am building a Windows Forms VB .NET project that connects to an SQL Server database. The problem we have is that since we are using Windows-based authentication, anyone with Access or even Excel can connect to the SQL Server and fiddle with the data. I looked into application roles but using this we lose flexibility for giving (or removing) rights from specific users.
> This problem wouldn't exist if we were building web apps, as we could set things up in a way the web server would be the only one to connect to the database.
> What do people use in enterprises to prevent users from connecting to databases with unauthorized apps?
> Thanks in advance.
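
Added example, not part of the original thread: a T-SQL sketch of the stored-procedure-only permission model the reply describes, with a check of the resulting effective permissions. All object names (dbo.Orders, dbo.usp_SetOrderStatus, OrderAppUsers, DemoUser) are hypothetical.

```sql
-- Hypothetical table the application works with.
CREATE TABLE dbo.Orders (
    OrderId int IDENTITY(1,1) PRIMARY KEY,
    Status  varchar(20) NOT NULL
);
GO
INSERT INTO dbo.Orders (Status) VALUES ('Open');
GO

-- The only supported way to change an order. The validation lives in the
-- procedure, so it applies to every client that calls it, not just the app.
CREATE PROCEDURE dbo.usp_SetOrderStatus
    @OrderId int,
    @Status  varchar(20)
AS
BEGIN
    SET NOCOUNT ON;
    IF @Status NOT IN ('Open', 'Shipped', 'Cancelled')
    BEGIN
        RAISERROR('Invalid status.', 16, 1);
        RETURN;
    END;
    UPDATE dbo.Orders SET Status = @Status WHERE OrderId = @OrderId;
END;
GO

-- Users get EXECUTE on the procedure through a role and nothing on the table.
-- Per-user rights are still managed by adding or removing role members.
CREATE ROLE OrderAppUsers;
GRANT EXECUTE ON OBJECT::dbo.usp_SetOrderStatus TO OrderAppUsers;
GO

-- Test principal (assumption: no matching login is needed for the check).
CREATE USER DemoUser WITHOUT LOGIN;
ALTER ROLE OrderAppUsers ADD MEMBER DemoUser;  -- SQL Server 2012+; use sp_addrolemember on older versions
GO

-- Impersonate the user and compare effective permissions on the table
-- with those on the procedure, then call the procedure itself.
EXECUTE AS USER = 'DemoUser';
SELECT HAS_PERMS_BY_NAME('dbo.Orders', 'OBJECT', 'SELECT')              AS CanSelectTable,
       HAS_PERMS_BY_NAME('dbo.Orders', 'OBJECT', 'UPDATE')              AS CanUpdateTable,
       HAS_PERMS_BY_NAME('dbo.usp_SetOrderStatus', 'OBJECT', 'EXECUTE') AS CanExecProc;
EXEC dbo.usp_SetOrderStatus @OrderId = 1, @Status = 'Shipped';
REVERT;
GO
```

The procedure can update the table without a table grant because both objects have the same owner (ownership chaining); dynamic SQL executed inside a procedure is checked against the caller's own permissions and is not covered by the chain.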
