applications with Shared SQL users .. minimizing risk

jc - 18 Jul 2008 16:04 GMT
We installed this new Application.. The vendor insisted we use a
common (single) SQL user for the ODBC dsn system entry..

Is there any way to enforce that this user/password is only used with
that ODBC entry and not a SQL client?

Can we log in SQL Server 2005 by IP.. Say a table is suddenly missing,
how will we know who did it? If through the application or from a SQL
client?

Eric Russell - 18 Jul 2008 16:28 GMT
Perhaps the vendor suggests a single SQL Server login account in order to
implement connection pooling. This account should have minimal permissions;
do not add it to the datareader or datawriter roles, just grant it exec
permissions on the procedure calls it needs. The PW for this SQL Server
account should be stored in web.config or a DSN on the server and not
supplied to the users. If the users are to log in to the application, then use
Windows authentication or a forms-based login form.

> We installed this new Application.. The vendor insisted we use a
> common (single) SQL users for the ODBC dsn system entry..
[quoted text clipped - 5 lines]
> how will we know who did it? If through the application or from a sql
> client?
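
Added example (not part of the thread or the vendor's setup): the exec-only permission model from the reply above, plus a DDL trigger that records who dropped or altered a table, which is what the original question asks about. The names `AppDb`, `app_shared`, `dbo.usp_GetOrders`, `dbo.ddl_audit` and `trg_audit_table_ddl` are hypothetical, and the syntax is kept to what SQL Server 2005 supports.

```sql
-- Added example; every object name here is hypothetical.
USE AppDb;
GO
-- 1. Least privilege: map the shared login to a user with no role membership
--    (no db_datareader / db_datawriter) and EXECUTE on named procedures only.
CREATE USER app_shared FOR LOGIN app_shared;
GRANT EXECUTE ON OBJECT::dbo.usp_GetOrders TO app_shared;
GO
-- 2. Insert-only audit table. public gets INSERT (not SELECT) so the trigger
--    can write a row whichever principal runs the DDL.
CREATE TABLE dbo.ddl_audit (
    event_time   datetime      NOT NULL DEFAULT GETDATE(),
    login_name   sysname       NOT NULL,
    host_name    nvarchar(128) NULL,  -- reported by the client, can be forged
    app_name     nvarchar(128) NULL,  -- reported by the client, can be forged
    event_type   nvarchar(128) NULL,
    object_name  nvarchar(256) NULL,
    tsql_command nvarchar(max) NULL
);
GRANT INSERT ON dbo.ddl_audit TO public;
GO
-- 3. Database-level DDL trigger: one row per DROP TABLE / ALTER TABLE.
--    It runs inside the DDL's transaction, so a failed insert rolls the DDL back.
CREATE TRIGGER trg_audit_table_ddl ON DATABASE
FOR DROP_TABLE, ALTER_TABLE
AS
BEGIN
    SET NOCOUNT ON;
    DECLARE @e xml;
    SET @e = EVENTDATA();
    INSERT INTO dbo.ddl_audit
        (login_name, host_name, app_name, event_type, object_name, tsql_command)
    VALUES
        (ORIGINAL_LOGIN(), HOST_NAME(), APP_NAME(),
         @e.value('(/EVENT_INSTANCE/EventType)[1]',  'nvarchar(128)'),
         @e.value('(/EVENT_INSTANCE/ObjectName)[1]', 'nvarchar(256)'),
         @e.value('(/EVENT_INSTANCE/TSQLCommand/CommandText)[1]', 'nvarchar(max)'));
END;
GO
-- 4. Review: who dropped a table, from which host and client program.
SELECT event_time, login_name, host_name, app_name, object_name, tsql_command
FROM dbo.ddl_audit
WHERE event_type = 'DROP_TABLE'
ORDER BY event_time DESC;
```

With EXECUTE-only rights the shared login cannot drop a table itself, so a `DROP_TABLE` row under that login name means it holds more permissions than intended. The server-observed client address is in `sys.dm_exec_connections.client_net_address`, which requires VIEW SERVER STATE and is therefore left out of the trigger.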
 
©2009 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.