September 02, 2010
Network Toaster
SQL Security Forums
Subject: SQL Server SPID
Aircast

09/11/2001 4:29 AM

Hi everybody,

I would like to know if it's possible to track a user through its SPID under SQLServer. I'm reading a lot of logs from a SQLServer database; they are the transaction logs for a specific table. My customer wants to know who has deleted confidential information in a specific table.

Scheme:

WEB_SERVER <-Cold Fusion-> DATA_BASE
Apache (Win32)             SQLServer 7.0

Cold Fusion is used to perform the connection to the database through some .cfm scripts (Cold Fusion is installed on the NT machine with the Apache server as well).

The problem is the SPID: this SPID seems to be dynamic instead of static. I checked the Apache logs as well and I didn't find any abnormal requests. I found the SPID of the malicious user; this SPID is attached to a MAC address, very useful. But if the SPID is dynamic I can't do anything with this kind of information.

Has anybody heard something about this SPID?

Regards.
Chip Andrews

01/01/2001 12:00 AM

SPID assignment is not permanent and really is not a good tracking mechanism for a number of reasons. Does your application use integrated security? If not, and all users simply share some single account to access the SQL Server, then you are probably better off designing your stored procedures so that users must pass their application context to the back end when making calls. This way you can always see the user who is making the calls, and when logging is in C2 mode you will be able to detect the exact user making the attempts.
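
The reply's suggestion, sketched as an added T-SQL example (not part of either post): a stored procedure that requires the application user as a parameter and writes an audit row in the same transaction as the delete. The table, column and procedure names are hypothetical, and the sketch assumes the web application already authenticates its users and passes that name in.

```sql
-- Added illustration; all object names are hypothetical.
CREATE TABLE dbo.ConfidentialRecords (
    RecordId INT NOT NULL PRIMARY KEY,
    Payload  VARCHAR(255) NULL
)
GO
CREATE TABLE dbo.ConfidentialDeleteAudit (
    AuditId    INT IDENTITY(1,1) PRIMARY KEY,
    AppUser    VARCHAR(64)   NOT NULL, -- identity asserted by the web application
    RecordId   INT           NOT NULL,
    SqlLogin   NVARCHAR(128) NOT NULL, -- the shared login the application connects with
    ClientHost NVARCHAR(128) NULL,     -- client machine name; here that is the web server
    Spid       INT           NOT NULL, -- valid only for the life of that connection
    DeletedAt  DATETIME      NOT NULL
)
GO
CREATE PROCEDURE dbo.usp_DeleteConfidentialRecord
    @RecordId INT,
    @AppUser  VARCHAR(64)
AS
BEGIN
    SET NOCOUNT ON

    -- Refuse calls that do not carry an application user context.
    IF @AppUser IS NULL OR LTRIM(RTRIM(@AppUser)) = ''
    BEGIN
        RAISERROR('Application user context is required.', 16, 1)
        RETURN 1
    END

    BEGIN TRANSACTION

    -- Audit row and delete succeed or fail together.
    INSERT INTO dbo.ConfidentialDeleteAudit
        (AppUser, RecordId, SqlLogin, ClientHost, Spid, DeletedAt)
    VALUES
        (@AppUser, @RecordId, SUSER_SNAME(), HOST_NAME(), @@SPID, GETDATE())
    IF @@ERROR <> 0 BEGIN ROLLBACK TRANSACTION RETURN 1 END

    DELETE FROM dbo.ConfidentialRecords WHERE RecordId = @RecordId
    IF @@ERROR <> 0 BEGIN ROLLBACK TRANSACTION RETURN 1 END

    COMMIT TRANSACTION
    RETURN 0
END
GO
```

The audit trail is only complete if the shared application login has EXECUTE permission on the procedure and no direct DELETE permission on the table; the recorded `AppUser` is as trustworthy as the application that supplies it.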

Copyright 1999 by Chip Andrews