ug********@hotmail.com wrote:
Hi there, I'm doing a database right now and I want it to be secure,
about 20-30 people (max) will be using it and it will be on a SQL
server.
My first question: I saw some web page about adding a password to the
database (group of people with the same rights and stuff like that) and
was wondering if it's good enough. (People who will use this database
don't know much about computers but I don't want to be using the shift-s
method, I want something a bit more powerful if I can.)
Second: How does Access manage these passwords? I guess all passwords
will be in a tbl... but is it secure?
Third question: How would you secure your database, any other option...
thx

Short answer is: in your SQL Server you want to set up the server for
Windows Authentication. SQL Server will then look to the Windows server
software to get a valid userID. You add each userID as a Login on the
SQL box itself. Then in each database that the user needs to connect to,
you add that login as a User. In each database you set up Roles, each of
which has different levels of permission for all the tables, views,
stored procedures, etc. One Role may be able to only Select from TableX,
while another role may have Select/Insert/Update permissions on TableX, etc.
Then when you have all your Roles set up for each database, you go to
the Properties/Permissions page for each user and assign them to the
role(s) they will need for that database.
You also need to define what SQL statement phrases each Role may use.
You can set it up so that nobody but the dbo and sa may use TRUNCATE or
DROP TABLE or ALTER TABLE in a SQL clause, for example. That's crucial
to prevent insertion-type hacking. Off the top of my head I forget where
you make those settings, somewhere in Enterprise Manager.
--
Terrell Miller
mi******@bellsouth.net
"Every gardener knows nature's random cruelty"
-Paul Simon RE: George Harrison
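
The login / user / role steps described in the reply above, written out as T-SQL. This is an added example, not part of the original post. It assumes SQL Server 2012 or later syntax; CONTOSO\jsmith, StaffDb and the two role names are constructed placeholders, and TableX is the table named in the reply.

```sql
-- Constructed placeholders: CONTOSO\jsmith, StaffDb, TableX_Reader, TableX_Editor.

-- 1. Server level: a Windows-authenticated login.
--    SQL Server stores no password for it; Windows vouches for the identity.
CREATE LOGIN [CONTOSO\jsmith] FROM WINDOWS;

-- 2. Database level: map the login to a user in each database it needs.
USE StaffDb;
CREATE USER [CONTOSO\jsmith] FOR LOGIN [CONTOSO\jsmith];

-- 3. Roles carry the permissions; users are granted nothing directly.
CREATE ROLE TableX_Reader;
CREATE ROLE TableX_Editor;
GRANT SELECT ON dbo.TableX TO TableX_Reader;
GRANT SELECT, INSERT, UPDATE ON dbo.TableX TO TableX_Editor;

-- 4. TRUNCATE TABLE and ALTER TABLE require ALTER on the table; DROP TABLE
--    requires ALTER on its schema or CONTROL on the table. Neither role is
--    granted any of these; the DENY makes that explicit and wins over a
--    later GRANT picked up through another role.
DENY ALTER ON SCHEMA::dbo TO TableX_Reader;
DENY ALTER ON SCHEMA::dbo TO TableX_Editor;

-- 5. Assign the user to the role(s) needed for this database.
ALTER ROLE TableX_Editor ADD MEMBER [CONTOSO\jsmith];

-- 6. Check: list what each role is granted or denied in this database.
SELECT pr.name            AS role_name,
       pe.state_desc      AS state,        -- GRANT or DENY
       pe.permission_name AS permission,
       CASE pe.class
            WHEN 1 THEN OBJECT_NAME(pe.major_id)   -- table, view, procedure
            WHEN 3 THEN SCHEMA_NAME(pe.major_id)   -- schema
       END                AS securable
FROM sys.database_permissions AS pe
JOIN sys.database_principals  AS pr
  ON pr.principal_id = pe.grantee_principal_id
WHERE pr.type = 'R'                  -- database roles only
  AND pr.name LIKE 'TableX[_]%'
ORDER BY pr.name, pe.permission_name;
```

On versions that predate ALTER ROLE ... ADD MEMBER, the system procedure sp_addrolemember does the same job as step 5.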