Luke Johnson
 |
| 09/11/2001 4:29 AM |
 Quote
 Reply
 Alert
|
| I've been writing a web based app for company and we've found that employees with query analyser can alter the data in the tables without using the application. Does anyone have any ideas how we can restrict the users so they can only use the ASP pages to access the database? |
|
|
|
|
Chip Andrews
|
| 01/01/2001 12:00 AM |
Quote
Reply
Alert
|
| Consider the use of application roles. Also, does the web application use anonymous authentication or basic/NTLM?
If anon then simply deny access to the users and only give access to the SQL Server through the IIS anonymous user account.
Chip
|
|
|
|
|
Hal Smith
|
| 09/14/2001 10:52 AM |
Quote
Reply
Alert
|
| Hmm, seems to me I saw something like only granting SELECT to such users. Your app could then handle other permissions itself, in the appropriate context.
-h |
|
|
|
|
Gladys
|
| 01/29/2002 3:32 PM |
Quote
Reply
Alert
|
| The problem I've been reading with application role is that it will not function correctly with connection pooling. Is there a way to use both application roles & connection pooling ? |
|
|
|
|