John Kelley
 |
| 09/27/2001 5:53 PM |
| My company is having all sorts of new development with VB and SQL. We are now being faced with what is the best method of securing the SQL data. We only want the users to be able to get to the data using the application where their reads and writes are controlled. What would be the best solution(s) in accomplishing this? We would then require our developers to adhere to these types of security. In the past, we have created views and roles and given users access to roles, but this does not stop the users from using a SQL client such as ACCESS and reading and writing data on the database. |
Chip Andrews
 |
| 09/28/2001 7:00 PM |
| First, we need to know some things about the application - is it client/server or a web-based app? Will it need forms authentication or integrated with IIS? These should be questions that are easily asked of application engineers before the project begins. Once we know the requirements, coming up with a secure solution is much easier.
Chip
|
John Kelley
 |
| 10/01/2001 12:59 PM |
| I have both client/server and web-based apps to secure. I am interested in both types, but let's start with web-based since that is my task currently at hand. The web app is using Basic Authentication. |
Chip Andrews
 |
| 10/02/2001 5:17 PM |
| Since this discussion could go on for quite a while (there are about 40+ questions that need to be answered before I could give you anything resembling a reliable answer) - I suggest you next reference the book:
Howard, Levy, and Waymire. Designing Secure Web-Based Applications for Microsoft Windows 2000. Microsoft Press, 2000.
It does a good job of giving you the necessary technology and security choices given the requirements. When you feel you have a solution that fits your requirements, bring it back and we can discuss what you need to do to secure it.
Chip
|
John Kelley
 |
| 10/03/2001 2:23 PM |
| Thanks for the recommendation. I have been looking for a good SQL security book... |