SEO
vBulletin Search Engine Optimization
| |||||||
| Register | FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
02-29-2008, 05:15 AM
| |||
| |||
 Re: Execution of script at login Not automatically. Why not call the script in the client code that opens the connection? Could you explain what additional checks you would require at connection time. If the user isn't authorized then why would give them a login to the database? -- David Portas SQL Server MVP --      |
|
02-29-2008, 05:15 AM
| |||
| |||
| Re: Execution of script at login Thanks for your reply. If I had access to client code, I'd probably use an application role. But, I do not. The application gives each user read/write access to all tables regardless of application security. I was thinking of checking at login time whether the accessed the database from the application or not. James |
|
02-29-2008, 05:15 AM
| |||
| |||
| Re: Execution of script at login Hi If you write anything such as a audit record when they log in, you could use a trigger to raiserror. It would not be a very elegant solution though! John "James" <jbrake@aeci.org> wrote in message news:1103312862.596986.208700@z14g2000cwz.googlegr oups.com... > Thanks for your reply. > > If I had access to client code, I'd probably use an application role. > But, I do not. > > The application gives each user read/write access to all tables > regardless of application security. > > I was thinking of checking at login time whether the accessed the > database from the application or not. > > James > |
|
02-29-2008, 05:16 AM
| ||||
| ||||
| Re: Execution of script at login James (jbrake@aeci.org) writes: > If I had access to client code, I'd probably use an application role. > But, I do not. > > The application gives each user read/write access to all tables > regardless of application security. > > I was thinking of checking at login time whether the accessed the > database from the application or not. This may be a case of just poor choice of words from your side, but permit be to point out that the application cannot really give access to the tables, unless it is logging in with a user that has such privileges. But maybe you mean that the application requires the user to have read/write access to the tables, because it is not using stored procedures? In such case it may be a difficult task to handle. To prevent updates you could add triggers on the tables that checks app_name() and rolls back if the application is not the right one. -- Erland Sommarskog, SQL Server MVP, esquel@sommarskog.se Books Online for SQL Server SP3 at http://www.microsoft.com/sql/techinf...2000/books.asp |
Linear Mode
