473,785 Members | 2,568 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

SQL Server Connection User Security

I'm interested in opinion on how to handle the user security when connecting
an Access Application to a SQL server. It will be a front-end mdb installed
on each user's PC, connecting to the shared database.

Option 1 is to create the connection using Trusted Connections. At the
moment, this means we need to add each user into the SQL Server before they
can connect. Is this normal or is this a missed configuration of the SQL
Server?

Option 2 is to set-up a generic user like "AppUserX" and specify it into the
UID/PWD of the Access connection string. My question is with 10-20 users
utilising this app and connecting as the same user, does this cause a
problem with SQL user licence connections?
Thanks in advance.
Kevin
Nov 13 '05 #1
1 1856
This is a very large and complex issue.

I think studying MS-SQL security may be helpful to anyone:
http://msdn.microsoft.com/library/de...urity_05bt.asp

In my opinion, Access and MS-SQLwhen used together, (beyond the
trivial), may not provide adequate security and for this reason I no
longer create such applications.

Suppose J Doe has login privileges to the database, and SELECT, INSERT,
UPDATE, and DELETE permissions for a Table. He/she will need these to
edit data using a form bound to that Table. What will prevent J Doe
from using this login and these permissions from another Access
Database, from another application, or more or less directly through
Enterprise Manager?
Ah, you say, use a View and restrict the View to data that is within J
Doe's authority. How exactly will you do that? If there are just John,
Jane and Jezebel Doe and users almost never change it will not be too
onerous. But if there are 200 users at 100 different sites, and seven
of these change per week?
Groups? In the case I suggest there will be 100 groups.

MS-SQL server has a solution. It is called application roles. When one
uses application roles it is your application that has permissions, not
users. So beyond your application, the user can do nothing.
With ADPs, application roles do not work, or work so poorly that they
cannot be used in any complex application. This is because application
roles are not really application roles, but connection roles, and ADPS
use many connections, some of which are documented and clear, and some
of which are hidden and cannot be identified, and, worst, some of which
seem to change according to the phases of the moon, days of the week,
or smog levels.

Can one use application roles with mdbs and odbc connections? I don't
know but I'd love to hear from someone who has done so successfully.

Further I may say that no one I know of agrees with me.

Nov 13 '05 #2

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics
6
11780
Connection to SQL Server
by: Keith Norris | last post by:
I am having a problem connecting to my SQL Server with the following ASP code: set cn = server.createobject("adodb.connection") cn.connectionstring = "Provider=sqloledb; data source=midatlanticus; Integrated Security=SSPI" cn.open But, if I use the same connection string in a VB program, I connect successfully. The VB code that works successfully is as follows:
ASP / Active Server Pages
2
2581
not associated with trusted SQL Server problem - windows service
by: epaetz | last post by:
I'm getting Not associated with a trusted SQL Server connection errors on a .Net windows service I wrote, when it's running on my application server. It's not a problem with mixed mode security. I'm set for mixed mode and I've been running the service on the app server for over a month with no problem. My database is running on a second server and both are under the same domain. The problem has occurred twice over the last two months.
Microsoft SQL Server
7
2166
Trusted SQL Server connection
by: Ray Valenti | last post by:
I am able to preview this data in the development environment, but when I run the application the error below shows up. How do I set up a Trusted Connection? -Ray Server Error in '/WebApplication2' Application. ---------------------------------------------------------------------------- ----
ASP.NET
13
2285
Server Error in '/MyWebForm' Application
by: Edward Mitchell | last post by:
I have a problem that involves the error I receive when attempting to complete the asp.net web application example (Walkthrough: Creating a Web Application Using a Third-Party Business Object). When I first create the SQL connection in VS.NET 2003, I test the connection and everything works fine. However, when I attempt to run the first stage of the app (the bound datagrid), I receive an error stating: login failed for user...
ASP.NET
4
5246
ASP 2.0 and SQL Server 2005, attaching a .mdf
by: Greg P | last post by:
I know this is a long post, please bear with me. I have been working on this all weekend to no avail although I have done a good amount of research (see most pertinent links that I've looked at below). Please help me get through this!!! I'm having some serious problems attaching a .mdf file and accessing it. I have a WroxUntied.mdf that I want to attach and then run the website that uses it. This is a .mdf file from wrox books. ...
ASP / Active Server Pages
7
2758
Use VS2005 with Sql Server 2005 and attach a .mdf (ASP 2.0)
by: Greg P | last post by:
I know this is a long post, please bear with me. I have been working on this all weekend to no avail although I have done a good amount of research (see most pertinent links that I've looked at below). Please help me get through this!!! I'm having some serious problems attaching a .mdf file and accessing it. I have a WroxUntied.mdf that I want to attach and then run the website that uses it. This is a .mdf file from wrox books. This file...
ASP.NET
1
2121
Problems when trying to build Connection to SQL Server Express from ASP.NET application
by: kito | last post by:
Hi, I have a problem, when I want to access to my SQL Server Express database from my ASP.NET application. My workstation ID is KITOLAP-HP My username is user01 Now I built the following connection String (VB.NET): Dim workstation As String = System.Environment.GetEnvironmentVariable("computername") connectionString = "workstation id=""" & workstation & """;packet
Microsoft SQL Server
3
2616
Development environment setup: connect to SQL Server 2000 database
by: =?Utf-8?B?ZGF2aWQ=?= | last post by:
Last week I asked a question about connection to database from client machine (developer machine). I have changed the database security setup for "SQL Server and Windows" under (local)Windows NT node of Enterprise Manager. However, I could not setup a database connection to Server from Client using Server Explorer of Visual Studio 2005. The detail is in the following. Configuration of server and client: Server: Windows Server 2000, SQL...
ASP.NET
4
12093
Login failed for user ''. The user is not associated with a trusted SQL Server connection.
by: eruth | last post by:
There are loads of post on this, but nothing that seems to cover my exact problem ;) I have an ASP.Net 1.1 web application running on my local machine. I want to connect to an SQL 2005 server running on Windows 2003. If I use SQL authentication, all is fine and dandy. If I want to use windows authentication it gives the above error. My SQL server is set to allow both methods (first thing I checked) and is part of the domain (2nd...
ASP.NET
17
2654
ASP and SQL Server 2005 Express
by: Anil Gupte | last post by:
I am using the following to try to connect to the database, but it does not seem to be working. Dim sConnString sConnString = "Provider=SQLNCLI.1;Integrated Security=SSPI;Persist Security Info=False;Initial Catalog=MediaDB;Data Source=MEDIAMACHINE\SQLEXPRESS" Connection.Open sConnString Dim Recordset Set Recordset=Server.CreateObject("ADODB.Recordset")
ASP / Active Server Pages
0
9645
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look ! Part I. Meaning of...
General
0
10341
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...
C / C++
1
10095
The easy way to turn off automatic updates for Windows 10/11
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
Windows Server
0
9954
tracyyun
Discussion: How does Zigbee compare with other wireless protocols in smart home applications?
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
General
1
7502
isladogs
Access Europe - Using VBA to create a class based on a table - Wed 1 May
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...
Microsoft Access / VBA
0
5513
Windows Forms - .Net 8.0
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
Visual Basic .NET
1
4054
transfer the data from one system to another through ip address
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
C# / C Sharp
2
3656
muto222
How to add payments to a PHP MySQL app.
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.
PHP
3
2881
bsmnconsultancy
Comprehensive Guide to Website Development in Toronto: Expert Insights from BSMN Consultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
General

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes
How to Post and Respond on Bytes
How to Promote and Link on Bytes
How to increase your Ranking on Bytes
Become a Recognized Expert on Bytes
Feedback Welcomed! Contact Us