Is General Authentication Secure Enough?

Feb 5, 2008



Hello,
I have a project which I am working on that includes database support. The Database server has several databases hosted on it. Setting network security hardware/software aside for a moment and strictly talking about security handled by the Database server, is it good enough to rely on adding users to a database's "users" list or are there other things on the database server I should look at? We are using both Windows and SQL authentication. We have some users that are to have access to all the databases (Administrators and database operators) and some who will only be permitted to have access to a few of the databases (not all of them). Obviously there are other security concerns such as network firewalls and such which are being handled by the IT team but I wanted to know if the simple 'add user to "users" list and remove for the rest' approach is all that can be done or if there is more that can be done on the SQL server.

Thanks!

View 3 Replies



SQL Server 2005 Express Move Windows Authentication Choice To Mixed Authentication

Aug 22, 2007

Hi folks. I have installed SQL Server 2005 Express and chose Windows authentication on installation, but I made a mistake and now I need mixed authentication. How can I modify this without uninstalling and installing the application again? Thanks for the help.

View 2 Replies View Related

How To Give Authentication For Send Mail Task Component? [not Default Windows Authentication]

May 11, 2007

How to give authentication for Send Mail Task component?

View 4 Replies View Related

Switching SQL 2005 Authentication Mode From Windows To SQL Authentication

Apr 18, 2007

Hi there,
I have installed MS SQL Server 2005 on my machine with windows authentication. But now I want to switch the authentication mode to SQL Authentication. I am unable to switch, I can't find the proper way to do so here in 2005. Could anyone help me in doing this?
Thank you,
-Ahsan

View 1 Replies View Related

Sql Authentication = Fast./ Windows Authentication = V.slow!

Mar 25, 2004

Hello,

(Using win2k, sqlserver2k, framework 1.1)
I have a fairly data-heavy application that uses Windows authentication (Trusted connection/aspnet account) to connect to Sql Server. The site uses IIS basic authentication.

On the dev server everything works fine but when I move to the live server things get strange and it starts to crawl along. (Pages load OK but then it just crawls as it loads the datagrids etc. Sometimes it brings back incomplete/incorrect data )

BUT when I use Sql Authentication to connect to Sql Server there is no problem at all!

Ok, there is something obviously wrong with the live server (which is identical setup to dev) but I don't know where to start.

Any ideas??

View 2 Replies View Related

Using SQL Authentication And Windows Integrated Authentication Concurrently

May 15, 2006

Hi all,

I've got two applications which both have a database on my MS SQL 2000 server. The problem is, one application must use Windows Integrated Authentication (which it is currently using and cannot be changed) whilst the other application which I'm trying to configure must use a SQL password.

Since the server has already been configured to use Windows Integrated Authentication for the existing database and application, how do I configure the other database to use the SQL password?

Thanks.

View 1 Replies View Related

Authenticating An Application Using Windows Integrated Authentication

May 12, 2006

Hi all,

My work is using a shared application
which accesses a MSSQL 2000 database. To access the application, the
folder on the Windows 2003 Server is shared and users can access the
folder through a shared drive.


For the application to access the
database, it uses an ODBC connection to the MSSQL server which
originally used the SA password.


We have recently switched to using
Windows Integrated Authentication because we believe it offers a
higher level of security. However the only way in which we have been
able to enable this is to add the windows users to the SQL server.


The problem with this is that the
application sets permissions for individual users on what records
they can see within the database. We have found that by adding the
windows users to the SQL Server, they can bypass the permissions
set by the application by simply using any application that can use
an ODBC connection, such as Enterprise Manager, and see all the
database.

One way around this would be to set up
domains of users with access privileges to the tables which reflect
the permissions set by the application, and configuring a view of the
data so they may only see the records that they have permissions to.
However to do this would require a high administrative cost to ensure
that changes made in the application are reflected in the privileges
of the SQL server.

Instead, is there a way the SQL server
can authenticate that the ODBC connection is coming from the correct
application using Windows Integrated Authentication?

This would allow the application to
determine security, and stop users from connecting to the SQL server
using other applications.

Alternatively, can the SQL server,
using Windows Integrated Authentication, also ask the application to
supply a username and password?

Any help with this matter would be
greatly appreciated.

Thanks!

View 4 Replies View Related

Switching From SQL Authentication To Integrated Authentication?

Aug 25, 2006

Hi,
I'm using SQL Server 2005. My Connection String looks like that at the moment:

<add name="LocalSqlServer" connectionString="Data Source=xx;Initial Catalog=xx;Persist Security Info=True;User ID=xx;Password=xx" providerName="System.Data.SqlClient"/>

Now I'd like to change this kind of authentication to Integrated Windows Authentication. I added the WorkerProcess IIS_WPG to the permitted Users but it didn't help. Changed the Connection String to this:

connectionString="Server=xx;Database=xx;Trusted_Connection=True;"

All I'm getting is that my NetworkService is not permitted to access DB when I try to connect to the DB in ASP.NET. How can I properly configure that? Thanks!

View 4 Replies View Related

Difference Between Sql Authentication And Windows Authentication

May 8, 2003

Hello

Can anyone tell me what is the difference between sql authentication and windows authentication.

Examples of each would be very useful

Many thanks in advance

Steve

View 2 Replies View Related

SQL Server Authentication Vs Windows Authentication

Oct 16, 2006

Would anyone please help me out here. which of the 2 modes of authentication is better and why??

View 3 Replies View Related

Using Windows Authentication V/s Mixed Authentication

Dec 18, 2006

Hi,

Say, I have configured my SQL to use Mixed Authentication. Now, I have an application which uses my SQL Server. The application just creates a database in SQL Server and uses the database to store its information.

This application also has a SYSTEM DSN under ODBC through which it accesses the database. For the application to access this database, should I only use SA (as my SQL instance is configured to use Mixed Authentication) or can I use Windows Authentication too...

If I should only use SA, do we have a documentation which talks about this.

Thanks
Santhosh

View 1 Replies View Related

Windows Authentication Vs SQL Server Authentication

Mar 12, 2008



For using different services of SQL SERVER 2005 which is better...
Windows Authentication or SQL Server Authentication?
what are the advantages and disadvantages of both?

View 5 Replies View Related

How To Secure Mdf

Sep 24, 2005

I am designing an application built on sql server 2000
how can I prohibit other sql server users from accessing my database and allowing only accessing it through my application or through owner designer of sql server database.

my situation needs sometimes copying the db from the end user platforms to
my designer computer to analyze some problems or maintenance or modification, and also I have no control on users windows environment and I need the end user professional not to enter my db from outside my application.

So,
is there anything I can do to secure an MDF (MSDE/SQL Server 2000) file so that a user cannot see my schema under any circumstances.

Even if I lock the MDF down and secure the instance, a smart user can just shut off the SQL server, copy the MDF to another instance, sp_attachdb and open it with sa rights. I need a way to prevent others from getting inside my schema.

View 1 Replies View Related

Secure FTP

Apr 28, 2008

Hi,
Do you guys know how to call secure FTP from a script task in an SSIS package which can be done by invoking the exe like winscp from a script task

View 1 Replies View Related

Secure FTP

Apr 9, 2008

hi everybody ,
Can anybody tell me about Secure FTP
and how the code for uploading and downloading of files can be written using Visual C#
actually I have created code for Standard FTP (normal FTP), but when I am using it for secure FTP then the compiler is giving an Exception: "Unable to create Remote Server"
very confused about what to do....??
even very small help would be very very appreciable
thanx .... Nics

View 9 Replies View Related

Report Manager With Forms Authentication. Report Server With Windows Authentication.

Feb 1, 2008

Hi.

I wonder if it is possible to set forms authentication for report manager but leave report server "as it is". I need to authenticate users from external LDAP and can't use windows authentication for report manager, but I would also like to leave report server open for anonymous users. In that way authenticated administrators could create reports which anonymous users could read.

I tested the Security Extension Sample and got it working when I rewrote the authentication part with my own LDAP authentication.

If I have understood correctly, the report manager is just an application inside report server so is it possible to use forms authentication with one application but still leave the report server with Windows authentication?

View 1 Replies View Related

How To Secure (.mdf And .ldf) DB Files?

Aug 9, 2004

Database files (.mdf and .ldf) could be copied and explored by attaching them to any other instance of sqlserver.
How we could secure those files as we can do for Access file using a password ?

Thanks for any comment.

skentafi

View 1 Replies View Related

How Can I Keep My DB Secure On SQL Server

Nov 11, 2005

hi
this is my 1st time on this forum, I need to keep my DB secure on SQL server, so that nobody can enter into my DB or see my tables and other elements of the DB.

Regards
AHK

View 2 Replies View Related

Secure Dts Packages

Mar 21, 2006

i need to set up a sql server login that can query the database, but i don't want it to be able to see scheduled jobs or dts packages

actually if i could keep it out of enterprise manager altogether that would be great

how can i set this up?

View 1 Replies View Related

How Can I Secure My MDF File?

Jun 30, 2005

If a user is a local admin of the box they can gain full access to the database via integrated security. They can create their own database and attach .MDF
How can i secure the .MDF so that no one can gain access to it?

View 1 Replies View Related

How Secure Is Sql Ce Password?

Mar 5, 2008

I have developed an application that uses a SQL Server compact edition database (.sdf). The database contains important data that I do not wish people to access.

My question is if I choose to Encrypt the database using the option available when you create the database and specify a password how secure is it ?

Are there tools on the market that will be able to crack this password and therefore gain access ?

Thanks

View 1 Replies View Related

Is Installation Secure ?

Jul 20, 2005

We can find a lot of recommendations about how to secure a SQL*Server configuration. Does anyone have scripts to do it? Any advice or links are welcome.

View 2 Replies View Related

Secure Replication

Jul 20, 2005

How would I set up secure replication between 2 servers that are in different cities? Would I need to define linked servers first? Would I use SSL? Help appreciated. Thanks.
Steve

View 1 Replies View Related

How To Secure The Database

Jul 10, 2007

Hello...



I develop a .NET Application which uses a SQL Express Database. The application will be distributed to several customers. That means the customer must have (or install) SQL Server Express Edition.

But we don't want the users to manually access the database.

As far as I understand that is not possible because the user (customer) will be the administrator for the SQL Server Express because it runs on his own PC (no password security).

Am I right? Thank you..

View 1 Replies View Related

Possible To Secure Using .Net StrongNameIdentityPermission?

Oct 24, 2006

Is it possible to secure a SQL Server database or schema using a technique such as the .Net StrongNameIdentityPermission attribute? The intent is that SQL Server would only permit transactions coming from assemblies which were signed with a particular .Net StrongName private key.

We are installing a 3rd party SQL Server / ASP.Net application which must run in our DMZ and we are looking for all possible measures to secure the SQL Server database.

Thanks

View 1 Replies View Related

How Can I Secure My MDF File?

Jun 30, 2005

If a user is a local admin of the box they can gain full access to the database via integrated security. They can create their own database and attach .MDF

View 24 Replies View Related

How Can I Secure My Database??

Jun 16, 2007

hello all,

I've recently started using sql express 2005. I've used the features very conveniently.

But one thing I couldn't understand is how can I secure my database from unwanted access.

I've Installed Sql Express 2005 with mixed mode authentication (Sql authentication) and attached my Database. But it also connects with Windows authentication, and all my data tables are openly visible.!!

How can i Secure my database now..!!!

My intention is to restrict access to my databases only to certain users (may be SQL Logins)



Please guide me how to accomplish this...



Thanks

View 11 Replies View Related

Are Packets From .NET To SQL Server Secure?

Feb 20, 2004

When I'm getting data from sqlserver using ado.net and a sqldataadapter, are the resultant network traffic packets secure? If I wanted to deploy my objects at a remote site, would I still be safe going straight to my sql server from there or should I build a web service and then auto generate 'remote' versions of my objects that will then communicate to the web service on https?

thanks
pat

View 2 Replies View Related

Enterprise Manager - How Secure Is It?

Oct 30, 2004

I connect to my clients' SQL databases via Enterprise Manager. Most of the time the SQL server resides at a web host. A colleague recently told me that this is a huge security hole and I should be using Remote Desktop instead.

I would appreciate other input, opinions, and guidance on this issue.

View 2 Replies View Related

It's The SQL 7 Process Encryption Secure?

Aug 21, 2000

Hi!

Somebody knows if un-encrypt transact SQL is possible in sql 7? Thanks


Nestor Groel

View 1 Replies View Related

Secure Tunnel Between Two SQL Servers

Jan 31, 2008

Hello,

I am trying to find software for configuring a secure connection between two SQL servers over the internet for our application that runs sql statements between two databases.

Maybe some sort of SSH software that is designed for this? I have attempted to use VPN however this is not for a network, just 2 servers, no domain controller or DHCP server is available, they are connected directly to the internet.

Any ideas would be appreciated.

View 4 Replies View Related

Row Level Filtering (does Not Need To Be Secure)

May 11, 2007

I'm trying to design a system where I can filter (not secure) a user's results, the user may or may not pass in a user ID. We typically use middle tier connection pooling with a single identity, so I believe labelling is not suitable.



I think the ideal solution would be...



User establishes a connection through our application, a user id will be established as part of the connection.
A view is created describing what the user is able to access. Preferably the user should not be aware of the view.
The user or our application executes a number of select queries.

Note that there may be many users with different filters required connecting at any time.



Direct user updates of the table do not need to be supported.

View 1 Replies View Related

Secure .NET 1.1 Application From Users

Jan 20, 2006

Hi all.

I am developing a distributed VB.NET 1.1 application with a TripleDES capable socket layer for communication with my server app.

I need to secure the distributed app from the users within the organization I am developing it for (a franchise).

I do not wish to store any encryption keys in the source code as these would be obvious to any seasoned hacker through decompilation of my binaries (even with obfuscation). I have decided to use the windows DPAPI (under machine storage mode) to secure manually entered (at installation) encryption layer keys in the registry. The salt values for this DPAPI mode also need to be secured, as a disgruntled franchise owner may be the hacker (and hence would have admin privilege on the machine the software is installed on). Not as far fetched as you think !

This is the beginning of a vicious cycle. How do I secure and where do I store this salt value safely? With it a hacker with admin privilege can easily decrypt my keys if they know I am using machine mode DPAPI. Can I use ACLs to protect the keys with an account I set up manually on the machine? If so then I would need to be able to switch account identities in my code (which I haven't researched as yet) and then would need to store the password to that somewhere.

If anyone could offer any insight or direction it would be much appreciated.

View 11 Replies View Related






