Please start any new threads on our new
site at https://forums.sqlteam.com. We've got lots of great SQL Server
experts to answer whatever question you can come up with.
Author |
Topic |
ayanmitra
Starting Member
1 Post |
Posted - 2008-10-27 : 02:36:54
|
Dear Forum Members,Our application is desinged on .Net Framework, which uses SQL Server 2000. During installation our application creates the required database and connects the SQL Server instance using 'SA' credentials. The system on which our application runs is basically either Windows 2000 server/professional OR Windows 2003 Server OR Windows 2003 SBS. All the user logs in this system with Windows Administrative credentials. We dont have any central server and once our application is installed we don't have any control over it. The user uses the same system for several other purpose, hence we cannot block him from logging into the system without an Administrative power.Our requirement is to protect the database completely from the end-users. The goal is; whatever modification is made in the tables (addition/deletion/updation of records), it should strictly happen only and only from our application, not from anywhere else (Query analyzer, Enterprise manager etc.). However the user should be able to view the data (or even query it) from Query analyzer. He should also be able to take a backup of the database.We created few users with bare minimum permission (through which only viewing the data is possible) and had a very strong password for SA too (which is not revealed to the users). We have encrypted the SPs and other programming units, so that they should not be viewed by the user. But the only problem is with the Mixed Authentication And Windows Authentication Modes. As I told earlier, since the user logs into the system with Administrative priviledge he can use Windows Authentication Mode to edit the data, which we strictly want to restrict. My question is "How can I restrict the end-users from not editing the data even if they logged in the system using Windows Administrative priviledge and connecting the SQL Server Instance using Mixed Mode Authentication OR Windows Authentication ?". I cannot see a option through which I can set the Mode to "only and only to SQL Server Authentication Mode" (I can understand it is kept for only backward compatibility). Please advice me. PL Note: I cannot change the whole architecture right now as the software is running at more than 500+ places without any problem. Whatever solution you should provide should be feasible . Waiting for your response!Ayan MitraPlease consider environment, before printing this document. |
|
clarkbaker1964
Constraint Violating Yak Guru
428 Posts |
Posted - 2008-10-27 : 20:54:32
|
If you cant control the instance and the access level then you cant prevent them from editing the data.It is possible to encript all of the data values using an encription key defined in the applicaiton layer. At least if they attempt to edit the data from any tool other than your application they will only see the encrypted results, rather than the values themselves.Otherwise you would need to install a dedicated instance and lockout all NT permissions at the instance level.You can do anything at www.zombo.com |
|
|
Elisabeth Redei
Starting Member
15 Posts |
Posted - 2008-11-06 : 14:01:45
|
Hi Ayan,Am I missing something here or why can't you disable the Builtin/administrators login? That's what you would normally do when, as a database administrator, you don't trust your windows administrator. However, a lot of people keep as a backdoor if there is an eff up with the sa account password.HTH!/elisabethelisabeth@sqlserverland.com |
|
|
|
|
|
|
|