AskSQLTeam (Ask SQLTeam Question, 0 Posts)
Posted - 2004-09-16 : 08:24:02
David writes "Hello: There is lots of encouragement there for the use of Integrated (Windows) authorization, and I'd like to go down that road, to avoid using stored credentials and to simplify administration of users and groups. However, the one thing that holds me back is the ability of users to execute rogue applications (such as Query Analyzer). I realize it is possible for a proc to test the calling application's name, but that can be faked easily. Checking IP addresses also seems to be a limited and ugly solution. Is there another path I should consider? Thanks much, David"

robvolk (Most Valuable Yak, 15732 Posts)
Posted - 2004-09-16 : 08:27:04
You can minimize the damage a rogue user can do by denying direct access to tables. Allow data access only through stored procedures or views, and only allow updates/deletes/inserts through stored procedures. It's a bit of work, but it keeps sneaky people from working with data in ways you don't want.

I'd also suggest talking to your network admins about user profiles in Windows. They can exert a lot of control over what can and can't be installed on a computer by an end user.
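
The setup described in the reply above, as an added T-SQL example that is not part of the original thread. The table, view, procedure, role and user names are hypothetical, and the syntax assumes a current SQL Server version rather than the one in use when the thread was written. Because the permissions attach to the database principal, they apply the same way whether the connection comes from the intended application or from a query tool.

```sql
-- Added example; every object and principal name here is hypothetical.
CREATE TABLE dbo.Orders (
    OrderID    int IDENTITY(1,1) PRIMARY KEY,
    CustomerID int   NOT NULL,
    Amount     money NOT NULL
);
GO
CREATE VIEW dbo.vw_Orders AS
    SELECT OrderID, CustomerID, Amount FROM dbo.Orders;
GO
CREATE PROCEDURE dbo.usp_AddOrder @CustomerID int, @Amount money
AS
BEGIN
    SET NOCOUNT ON;
    -- Rule enforced inside the procedure, so it holds for every client application.
    IF @Amount <= 0 OR @Amount > 10000
    BEGIN
        RAISERROR('Amount outside the permitted range.', 16, 1);
        RETURN 1;
    END
    INSERT INTO dbo.Orders (CustomerID, Amount) VALUES (@CustomerID, @Amount);
    RETURN 0;
END
GO
-- Permissions go to a role. With integrated authentication its members would be
-- Windows groups mapped via CREATE LOGIN [DOMAIN\Group] FROM WINDOWS and CREATE USER.
CREATE ROLE app_users;
CREATE USER demo_user WITHOUT LOGIN;         -- stand-in principal for checking the setup
ALTER ROLE app_users ADD MEMBER demo_user;   -- SQL Server 2012+ syntax
GO
-- No direct table access; reads through the view, writes through the procedure.
-- The view and procedure share the table's owner (dbo), so ownership chaining
-- skips the table permission check for them. Dynamic SQL inside a procedure
-- breaks that chain and would be stopped by the DENY.
DENY  SELECT, INSERT, UPDATE, DELETE ON dbo.Orders TO app_users;
GRANT SELECT  ON dbo.vw_Orders    TO app_users;
GRANT EXECUTE ON dbo.usp_AddOrder TO app_users;
GO
-- Exercise the permissions as the restricted principal.
EXECUTE AS USER = 'demo_user';
EXEC dbo.usp_AddOrder @CustomerID = 1, @Amount = 250;  -- allowed: EXECUTE granted
SELECT OrderID, CustomerID, Amount FROM dbo.vw_Orders; -- allowed: SELECT on the view
BEGIN TRY
    DELETE FROM dbo.Orders;                            -- direct access: DENY applies
END TRY
BEGIN CATCH
    PRINT ERROR_MESSAGE();
END CATCH
REVERT;
```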
 |