Security
This is a discussion on Security within the MS SQL ODBC forums, part of the Microsoft SQL Server category; --> Suppose I have an appliation made in VB6 which connects to SQL2000. The applications creates a DSN(old style) to ...
| |||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
02-27-2008, 09:55 PM
| ||||
| ||||
 Security Suppose I have an appliation made in VB6 which connects to SQL2000. The applications creates a DSN(old style) to connecto to the server. The user has a login an a password to use the application. The server validades Windows NT login. Every effort had been made to protect the database from intruders. So far so good... Next day, comes Clarck Kent and connects to the server simply by using the DSN and Excel 2000!!! He can browse, update and delete files!!! How can I avoid such intruder. Thank you... waitng for replies... -- Rick      |
|
02-27-2008, 09:55 PM
| |||
| |||
| Re: Security Never use DSN's and use only Windows authentication, not SQL Server logins/passwords. DSNs by their nature are not secure, and if a Windows user hasn't been granted access to the server they won't get in. --Mary On Wed, 21 Sep 2005 11:04:00 -0700, "Rick" <Rick@discussions.microsoft.com> wrote: >Suppose I have an appliation made in VB6 which connects to SQL2000. >The applications creates a DSN(old style) to connecto to the server. >The user has a login an a password to use the application. The server >validades Windows NT login. > >Every effort had been made to protect the database from intruders. >So far so good... > >Next day, comes Clarck Kent and connects to the server simply by using the DSN >and Excel 2000!!! He can browse, update and delete files!!! > >How can I avoid such intruder. > >Thank you... waitng for replies... |
|
02-27-2008, 09:55 PM
| ||||
| ||||
| Re: Security Don't expose the connection information to the client - don't use a DSN but have the connection string in a dll that the application calls to get the connection information. You could also look at using application roles from what you describe. You can find more information on these in SQL Server books online. -Sue On Wed, 21 Sep 2005 11:04:00 -0700, "Rick" <Rick@discussions.microsoft.com> wrote: >Suppose I have an appliation made in VB6 which connects to SQL2000. >The applications creates a DSN(old style) to connecto to the server. >The user has a login an a password to use the application. The server >validades Windows NT login. > >Every effort had been made to protect the database from intruders. >So far so good... > >Next day, comes Clarck Kent and connects to the server simply by using the DSN >and Excel 2000!!! He can browse, update and delete files!!! > >How can I avoid such intruder. > >Thank you... waitng for replies... |
Linear Mode
