By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
438,419 Members | 1,648 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 438,419 IT Pros & Developers. It's quick & easy.

Execution of script at login

P: n/a
Is there a way to execute a script at login to check to do some
additional security checks after authentication?

Thanks,
James Brake

Jul 23 '05 #1
Share this Question
Share on Google+
4 Replies


P: n/a
Not automatically. Why not call the script in the client code that
opens the connection?

Could you explain what additional checks you would require at
connection time. If the user isn't authorized then why would give them
a login to the database?

--
David Portas
SQL Server MVP
--

Jul 23 '05 #2

P: n/a
Thanks for your reply.

If I had access to client code, I'd probably use an application role.
But, I do not.

The application gives each user read/write access to all tables
regardless of application security.

I was thinking of checking at login time whether the accessed the
database from the application or not.

James

Jul 23 '05 #3

P: n/a
Hi

If you write anything such as a audit record when they log in, you could use
a trigger to raiserror. It would not be a very elegant solution though!
John

"James" <jb****@aeci.org> wrote in message
news:11**********************@z14g2000cwz.googlegr oups.com...
Thanks for your reply.

If I had access to client code, I'd probably use an application role.
But, I do not.

The application gives each user read/write access to all tables
regardless of application security.

I was thinking of checking at login time whether the accessed the
database from the application or not.

James

Jul 23 '05 #4

P: n/a
James (jb****@aeci.org) writes:
If I had access to client code, I'd probably use an application role.
But, I do not.

The application gives each user read/write access to all tables
regardless of application security.

I was thinking of checking at login time whether the accessed the
database from the application or not.


This may be a case of just poor choice of words from your side, but permit
be to point out that the application cannot really give access to the
tables, unless it is logging in with a user that has such privileges.
But maybe you mean that the application requires the user to have
read/write access to the tables, because it is not using stored procedures?

In such case it may be a difficult task to handle. To prevent updates
you could add triggers on the tables that checks app_name() and rolls
back if the application is not the right one.
--
Erland Sommarskog, SQL Server MVP, es****@sommarskog.se

Books Online for SQL Server SP3 at
http://www.microsoft.com/sql/techinf...2000/books.asp
Jul 23 '05 #5

This discussion thread is closed

Replies have been disabled for this discussion.