July 30, 2010     |
Home
FAQs
       SQL Server FAQ
       SQL Injection FAQ
       SQL Security Checklist
       SQL Server-Related Products
       SQL Server/MSDE-Based Applications
       SQL Server Version Database
Tools
       Lockdown Script
       Free Tools
       Free Analysis
       Group Policy Templates
       Commercial Tools
Community
       Discussions
       Links
About
Search
Network Toaster
SQL Security Forums
Note: SQLSecurity.com does not allow nor require registration due to privacy concerns for users. SQLSecurity.com is open and anonymous for all. Please report any abuse or profanity.
Reply To Message:
Posted By n/a on 1/1/2001
Subject: Spids
Message: spid assigment is not permanent and really is not a good tracking mechanism for a number of reasons. Does your application use integrated security? If not and all user simply share some single account to access the SQL Server then you are probably better off designing your stored procedures so that users must pass their application context to the back end when making calls. This way you can always see the user who is making the calls and when logging is C2 mode you will be able to detect the exact user making the attempts.
UserName: 
Subject:  SQL Server SPID
Body:
  
Show Replies:


ActiveForums 3.6
Copyright 1999 by Chip Andrews   |  Privacy Statement  |  Terms Of Use