Basic Security Differences Between SQL And Access
Jan 16, 2008
Ok, I know it's a really basic question but I'm hoping someone will humor me. Not being a database expert I am wondering what the basic security differences are between a SQL server db and an Access db. What makes SQL a more secure choice for confidential information over Access.
I know from a useability SQL is the better choice being a multiuser access platform but I am not familar with security mechanisms employed.
I appreciate any info on this.
Thank you.
View 1 Replies
ADVERTISEMENT
Dec 19, 2007
does anybody know why MS doesnt consider Basic Authentication a viable solution for Inter/Xtra net access to RS? I'm re reading the documentation at http://msdn2.microsoft.com/en-us/library/bb283249.aspx but so far am not getting what the Security Extension options accomplish that can't be accomplished with much less effort using some form of Basic Authentication.
View 25 Replies
View Related
Sep 10, 1999
I'm new to SQL 7.0 and have a basic security question. I want to set up security so that different roles can see different portions of the same tables. In other words, Department A see's its projects from table 1 and Department B users see only their projects from table 1. The results are then linked to the client front end, so that the basic form they input/read off will give them the results from table 1 with only their projects. Is there a simple way to do this with a stored procedure or view, so that the result set can be linked to the form and only differs depending on the role? Thanks for the help.
View 1 Replies
View Related
Sep 30, 2007
Hi,
I'm trying to learn the "correct" way to use security with SQL Server 2005 and .NET 2.0. Let me explain what I've always done in terms of security and why.
Historically, I've created a Users table and a UserPermissions table in my database. The Users table has the username and password, and the UserPermissions table relates to the Users table and has a list of all (application-defined) permissions granted to the user. For example, say the application has features A, B, and C. The administrator might grant features A and C to user John Doe.
The reason I put this table into my database is two-fold. First, it allows me to easily setup a list of features that the application can secure. Second, it allows the application to log into SQL Server using a constant username a password. The application always gets access to the database, but then if the user didn't provide a good username and password, the application logs back out of the database and quits.
The downside to this is that SQL Server doesn't know who's accessing it. So if I wanted to have a trigger that gets the current user, all users appear to be the same person. The upside is that the administrator doesn't need to go into SQL Server and set up new users, and the users aren't aware of the actual username and password used to access the database, so they can't get to it directly.
I'd really like to learn to set up security the right way. What I want is:
A) Each user to be uniquely identified within SQL Server - i.e., each one logs in with his own user id
B) The application has complete control over the database (I want the application to be able to read all tables, for example)
C) The user doesn't have direct access to the database. I don't want the user to be able to load SQL Server Management Studio on his computer and go directly into the database
D) There is some way to grant application-specific features to each user
I would think this has to be a common scenario. Can anyone offer some good tips on how to accomplish what I'm trying to do? Thanks in advance...
-Eric
View 4 Replies
View Related
Sep 5, 2006
Hi,
I am new to SQL 2005, can someone give me some details instructions about how to do below two tasks:
All my developers are in a window domain user group, I need to grant dbo privileges to that domain group so then can do the their development work. The rule is all objects they create need to be owned by dbo not by there ID. ( I can€™t do it because I got €œ The €œDeafult_Schema clause cannot be used with a windows group€?)
Same as above but this time they only need select permission on tables nothing else.
Many thanks.
PC
View 1 Replies
View Related
Apr 4, 2008
I'm having 2 Dummy Users.
The one i created i direct login on the server and access to 2 databases.
The second one i've placed in a AD users group.
That group has a login and is also mapped to the 2 databases.
Sql server is running with on a AD-users, not localsystem.
Why can DummyOne work fine, and DummyTwo (the grouped one) can login but access none of the databases.
What have I missed ?
View 7 Replies
View Related
May 1, 2007
I'm designing a C# winforms app that will be used by 500 customers/companies. The customers will use the app to edit data for their company on the remote SQL Server. What's the best way to manage security in terms of logins/passwords? Should each user have a different login? (probably not) Or should the application have it's own login/password that is encrypted and the user never knows what the login/password is?
Also, is it necessary to use Web Services for this application? Any other thoughts/comments are very welcome.
View 4 Replies
View Related
Jul 20, 2005
can someone point me to the differences in the datatypes between accessand sqlserver?I've writen a program that creates a table in access using an sql createquery. However, if I point to a sqlserver odbc datasource the querybombs
View 4 Replies
View Related
Sep 11, 2015
I want to knew the sql query to return differences between two tables from two different database.
View 3 Replies
View Related
Oct 14, 2005
Hello there I have trying to figure out for days how to enable FullTrust for my Reporting Services security extension.
View 9 Replies
View Related
Jan 23, 2002
I am working in an access data project. I have a stored procedure that runs fine when I open and run it directly in sql. When I use the DoCmd.OpenStoredProcedure method in VB code, the stored procedure also runs fine (and successfully adds records as it should) but then I
get an error: #7874 "...can't find the
object...'[Name of sp'". This halts the vb code and is a
problem. Here's example code from a sp that causes
this problem:
Insert into Table (Field1, Field2, Field3, Field4)
Select Field1, 'Test', Field5, GetDate()
from View1
I understand there may be another syntax to run a stored procedure from access visual basic other than DoCmd. I would very much appreciate guidance as to how to do this.
Thank you.
View 1 Replies
View Related
Feb 10, 2007
Of all the Visual Basic.NET data access books that I have purchased and all the Internet site example code that I have reviewed, none have had any good examples of multi-threaded VB.NET code doing data access.
I am trying to avoid the non-responsiveness in a VB app while a simple data retrieval from SQL Server 2005 is in progress.
If anyone knows of any book titles or web sites that have example code (good or not) of multi-threaded VB.NET applications doing data access against Microsoft SQL Server (7, 2000, or 2005) or even against Microsoft Access(TM), it would be very much appreciated if you could provide the book title or URL to point me in the right direction.
The more examples the better.
Thanks in advance.
View 5 Replies
View Related
Sep 26, 2007
Code Snippet
Hi there,
I'm struggeling for more than a week now with this problem, without a finding the solution.
I have two databases, MS Access and SQL Server 2005 Express Edition
Using a procedure in Visual Studio i would like to copy all the records from one table in MS Access into an existing table in SQL Server (the tables have the same name and the same layout)
I tried to prepare one Dataset to copy from Access into SQL Server but when i run the command 'DaSQL.Update(DsSQL, "Tabella") nothing happens (not even an exeption has been raised), looking during debug, the DataSet seems filled though...
Please could anyone explain what's wrong and / or is there a more quicker way to copy data from a table to another?
Note i woul have as a final goal to get data from an AS400 database by ODBC, manage it, and put it on SQL Server for a 'data mining' scope (eliminating the use of MS Access, not suited for FE-BE).
the procedure goes like this;
' Create a connection to the MS Access Database
Dim connectionToAccess As New OleDbConnection(DBConnectionAccString)
strsql = "SELECT * FROM [TABELLA]"
connectionToAccess.Open()
Dim DaAccess As New OleDbDataAdapter(strsql, connectionToAccess)
Dim DsAccess As New DataSet("ACCESS")
DaAccess.FillSchema(DsAccess, SchemaType.Source, "Tabella")
DaAccess.Fill(DsAccess, "Tabella")
' Create a connection to the SQL Database
Dim connectionToSQL As New SqlConnection(DBConnectionSQLString)
connectionToSQL.Open()
Dim DaSQL As New SqlDataAdapter(strsql, connectionToSQL)
Dim DsSQL As New DataSet("SQL")
DaSQL.FillSchema(DsSQL, SchemaType.Source, "Tabella")
DaSQL.Fill(DsAccess, "Tabella")
DaSQL.Update(DsSQL, "Tabella")
Note I tried also the following, withou a result;
DsSQL = DsAccess.Copy
DaSQL.Update(DsSQL, "Tabella")
Please is there someone who could respond !!???
View 6 Replies
View Related
Jan 3, 2006
Applied Access security feature to a database using its Security Wizard. Procedure went smoothly.
Been developing a software using VB 6.0 using an Access database as the main data source. Haven't had any problem manipulating the database via VB, but recently attempted to modify the database structure via Access, but was unable to do so, because either my username or password is allegedly invalid. Tried all passwords I can recall, but unable to get through. Haven't been able to create a new database, either.
Development of the software and creation of the Access database is being done on a stand alone laptop, that may or may not have been a workstation in a network.
Any help to resolve this issue would be appreciated.
Napatan
View 2 Replies
View Related
Aug 24, 2006
I would like some clarification please...
I have setup Windows Authentication to SQL2005 using a group with a default database. The group has access to the default database.
Now it's my understanding, if I have a user that's a member of the group, idividual access does not need to be setup to connect to SQL Server. Users connect on the credentials of the group... Is this a correct interpretation??
Ex: Windows groupname = SQLConnect Default db = Anydb
Anydb has groupname SQLConnect connect permissions
Windows username = test1 (is member of SQLConnect group)
Problem: test1 trys to login but gets an error that they can't connect to default db...
View 1 Replies
View Related
May 11, 2007
Hello,
I'm new to ASP, but developping in Sql for years.
What we would like to have is that the user is accessing the database over it's own Windows Logon. Our triggers log quite some changes and are using UserName() for this. I've treid to force the IIS to accept Windows Integration only, the SqlDataSource users a connection that has Integrated Security = True. But when connection to the site i'm gatting error that there is no trusted connection for the user . (dot) ...
I suppose i'm missing something but could you give me a hint where to start looking..... THX
View 3 Replies
View Related
Aug 22, 2001
In the process of reviewing all Security access into our production servers, I found a user login name of 'BUILTIN/Administrators' with the type 'NT Group' in our production DB. I am not sure whether this Login was setup automatically when SQLServer was installed or it was setup by the administrator, who is no longer with the company? I was able to find out all the users in the Administrators NT group, but what threw me was the word 'BUILTIN' . Are there other Logins besides 'sa' that get setup during the install?
Thanks.
Helen
View 1 Replies
View Related
Jan 26, 2001
I am using Access 97 as a front end to access SQL 7 server on NT 4.0 server.
I've set up security model based on NT authentication only. Users have login right to login to SQL and they have public & dataread & denydatawrite access. They also have SELECT permission on a table object and have no permission to INSERT, DELETE and UPDATE.
When I use Access 97 to access a database, users are still capable of inserting and deleteing records in tables.
Am I doing something wrong?
Thanks, Michael.
View 1 Replies
View Related
Jan 20, 2004
I HAVE CREATED A SECURITY DATABASE USING A NEW WORKGROUP FILE WITH A NEW MDW FILE NAME. THE DATABASE ITSELF CONTAINS SEVERAL GROUPS OF USERS AND SEVERAL USERS. THE DATABASE WORKS AS DESIGNED.
THE PROBLEMS IS IF I OPEN THIS DATABASE USING THE SYSTEM.MDW FILE, THE DATABASE OPENS AND GIVE ME COMPLETE ACCESS TO EVERYTHING.
CAN ANYONE EXPLAIN WHAT IS HAPPENING.
ANY HELP WILL BE APPRECIATED
THANKING YOU IN ADVANCE
JOSEPH FORD
View 14 Replies
View Related
Jul 20, 2005
First of all, I have never done any web-based stuff, so if thefollowing sounds ignorant, it's because I am!So far all our SQL Servers are accessed only over our network and weuse Windows authentication. Now the guy I'm working with on thedesign of our next stuff wants the two new databases (a transactionalone and my data warehouse) to be additionally accessed by web-basedapplications via our company intranet (NOT THE INTERNET). How do weauthenticate under these conditions? The webserver machine will betalking to the SQL Server ones, i.e. the databases will each be on thetheir own separate boxes. Can the webserver be a "user"? If so,and we want the actual users to have different privileges, then theweb-based apps have to manage that? Or is there a way for theweb-based apps to grab the Windows user and pass it to SQL Server?
View 7 Replies
View Related
Mar 22, 2007
How do I grant admin access to a windows account withou having them a part of the administrators group...
I need to give a user access to every report on the server and the ability to administrate the application side of the server but I cannot give them Administrative access to the machine as a whole. I added the user to the system administrators role in team services but this did not allow here to see all the reports. How does she get access to all the reports without being in the Windows local Administrators group?
Thanks
Chris
View 2 Replies
View Related
Mar 27, 2007
I need a simple way of capturing who updated what in an Access database.
User wants to know for each field in each table.
I think it's to much for Access to handle.
Any ideas?
A.
View 1 Replies
View Related
May 4, 2007
I'm creating an app that will connect to a central sql server 2005 (hosted on a Win2003 server with Windows Firewall on). I added sqlservr.exe and sqlbrowser.exe to the firewall exceptions to allow for remote connections. Now, an admin I know is telling me that this is not secure and we must configure those 2 exe's to only be accessed by certain IP addresses. I want to make sure the database is very secure, but this sounds like overkill. ??
Questions:
Is this necessary (to limit access to these 2 exe's to certain IP addresses)?
How would I be able to distribute my application to different users if this is so?
How can I make sure that the SQL Server won't get "attacked" or "hacked"?
Mel
View 6 Replies
View Related
Mar 9, 2007
Hi,
Im developing an application in Visual Web Developer with an MS SQL Server Database.
I have Visual Web Developer Express edition installed on my machine and i had MS SQL Server 2005 Express Edition and everything was fine.
However i need to use SQL Server Agent to develop a job and this is not included in the express Edition of Ms SQL Server 2005 Express Edition.
So i installed the 2005 developer edition of MS SQL Server.
Now Im currently getting the following error when i access the security page in the ASP.Net Configuration page
An error has occurred while establishing a connection to the server. When connecting to SQL Server 2005, this failure may be caused by the fact that under the default settings SQL Server does not allow remote connections. (provider: SQL Network Interfaces, error: 26 - Error Locating Server/Instance Specified)
Anyone tell me how i can fix this error?
View 4 Replies
View Related
Jun 22, 2000
What kind of permissions do you need to be able to run a job created by another user or sa if you are not the job owner and don't have any sys admin priveldges??
View 1 Replies
View Related
Dec 7, 2000
Does anyone know of a component or other mini application that can be run on the IIS server and allow IIS to access SQL Server 7 databases using Trusted Security.
Our security unit has required us to run SQL Server with Trusted Security so changing to Mixed mode is not an option. We are also not allowed to use Basic Authentication for Active Server Pages with IIS. IIS and SQL server are also on different machines.
We are looking into the possibility of trying to create a component that would run on the IIS machine to allow us to use Trusted Security to the SQL Server (in effect try to make it work the same way that the Cold Fusion product does).
Any help would be really appreciated.
Thanks
View 1 Replies
View Related
Jun 8, 2007
Is there a way to implement Access-like password protection on a SQL Server Express dataset?
The database will be deployed on individual's PCs with no centralization of control. I want to restrict users from being able to see table definitions, stored procedures, etc. Access-like password protection is what I want, but I don't see any similar feature within SQL Server Express. Am I missing something?
View 1 Replies
View Related
May 4, 2006
Is anyone familiar with how to enable remote access to SQL Server 2000? ...and what are you security issues surrounding this?
Any help appreciated.
Adamus
View 5 Replies
View Related
Jan 17, 2008
I installed SQLE 2005 on vista home prem, and when I go to the studio and attempt to create a database, I get the message below. I am running under an admin account, but the system sees me as a standard user.
Do I need to re-install and tell the system to allow me to log on via. an ID/PW?
Is there a vista patch?
Should I re-install XP?
Also, not having this issue with the same SQLE version and an XP machine.
Thanks
TITLE: Microsoft SQL Server Management Studio Express------------------------------Create failed for Database 'test'. (Microsoft.SqlServer.Express.Smo)For help, click: http://go.microsoft.com/fwlink?ProdName=Microsoft+SQL+Server&ProdVer=9.00.3042.00&EvtSrc=Microsoft.SqlServer.Management.Smo.ExceptionTemplates.FailedOperationExceptionText&EvtID=Create+Database&LinkId=20476------------------------------ADDITIONAL INFORMATION:An exception occurred while executing a Transact-SQL statement or batch. (Microsoft.SqlServer.Express.ConnectionInfo)------------------------------CREATE DATABASE permission denied in database 'master'. (Microsoft SQL Server, Error: 262)For help, click: http://go.microsoft.com/fwlink?ProdName=Microsoft+SQL+Server&ProdVer=09.00.3042&EvtSrc=MSSQLServer&EvtID=262&LinkId=20476------------------------------
View 1 Replies
View Related
Dec 1, 2006
I get the following error message when i click the Security tab on my websites' Administration tool. All the other tabs are working properly.
There is a problem with your selected data store. This can be caused by an invalid server name or credentials, or by insufficient permission. It can also be caused by the role manager feature not being enabled. Click the button below to be redirected to a page where you can choose a new data store. The following message may help in diagnosing the problem: An error occurred during the execution of the SQL file 'InstallCommon.sql'. The SQL error number is 1802 and the SqlException message is: CREATE DATABASE failed. Some file names listed could not be created. Check related errors. Cannot create file 'C:SAFETYDATABASEAPP_DATAASPNETDB_TMP.MDF' because it already exists. Change the file path or the file name, and retry the operation. Creating the ASPNETDB_652db56c1d7d4c9f94da67107d9c917a database...
Any help is appreciated.
View 1 Replies
View Related
Apr 6, 2000
I am using mixed security on the SQL server and have an NT group 'NT_GROUP'.
The login for 'NT_GROUP' has been added to SQL server and has been explicitly granted access to only one database.
Using access database project (ADP), a user in the group is able to gain access to other databases (master, tempdb, msdb, etc.) as well.
It is very important to be able to prevent this access.
Thanks in advance for your help.
View 1 Replies
View Related
Jan 23, 2004
Hi, this is my first post (hopefully of many) on this board. Just wanted to say a quick hello before I dive into my question. :)
As the title suggested, I have to develop a MS Access form app (yes, it has to be Access - I know it sucks) that will post and query data to and from a remote SQL Server db. While I have no problem linking the two through the default ODBC drivers, my question is security. Some (actually most all) of the data being passed back and forth is sensative information, and I would like to know the best way to keep it safe.
If anybody has any suggestions, instructions, or can redirect me to a good FAQ site on the subject, I would be most appreciative. I have already done a search on these forums for an answer, but have sadly come up short.
Thanks to all in advance!
View 3 Replies
View Related
Sep 25, 2015
I am getting the following message when trying to connect to a database (from an external application) that I have recently restored using my profile (Windows Authentication):
Connection failed:
SQLState: '01S00'
SQL Server Error: 0
[Microsoft][SQL Server Native Client 11.0]Invalid connection string attribute
Connection failed:
SQLState: '08004'
SQL Server Error: 4060
Server rejected the connection; Access to selected database has been denied
Connection failed:
SQLState: '28000'
SQL Server Error: 18456
[Microsoft][SQL Server Native Client 11.0][SQL Server]Login failed for user 'xxxxaaaa'.
My profile (replaced with xxxxaaaa) has full access to the server and I can connect to every other database with no issues. I get exactly the same error if I try and connect using the SQL Authentication "sa" profile as well.
View 9 Replies
View Related
