473,378 Members | 1,470 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > microsoft sql server > questions > securing local msde applications

Join Bytes to post your question to a community of 473,378 software developers and data experts.

Securing local MSDE applications

Hi,

I am writing an application that uses MSDE to store data.
Both application & MSDE run on the same computer.
I want to regulate the operations done on the DB by the user. For
example, I don't want to allow "standard" users to delete records,
update certain fields, etc...
I can regulate these rules within my program, but what if the user runs
MSDE query for example on the DB and fetches the list of users &
passwords from the DB ?
In other words, I need to make sure only the application has access to
the DB. This seems like a common type of problem but I haven't been
able to find any solutions.
Any suggestions would be greatly appreciated.

Danny

Jul 23 '05 #1
1 1390
> In other words, I need to make sure only the application has access to
the DB. This seems like a common type of problem but I haven't been
able to find any solutions.
One approach is to employ application roles. This allows users to connect
using their regular login but with limited permissions until the application
role is activated.

You can create an application role using sp_addapprole and grant the needed
permissions:

USE MyDatabase
EXEC sp_addapprole 'MyAppRole', 'MyAppRolePassword'
GRANT ALL ON MyTable TO MyAppRole

You can then enable an app role from within your application.

EXEC sp_setapprole 'MyAppRole', 'MyAppRolePassword'

With this approach, users are limited to their regular SQL Server
permissions outside your application. Another method is to create and use a
standard SQL login for database connectivity within your app that is unknown
to your users.

See the Books Online for more information.
--
Hope this helps.

Dan Guzman
SQL Server MVP

"Danny Liberty" <dl******@gmail.com> wrote in message
news:11**********************@z14g2000cwz.googlegr oups.com... Hi,

I am writing an application that uses MSDE to store data.
Both application & MSDE run on the same computer.
I want to regulate the operations done on the DB by the user. For
example, I don't want to allow "standard" users to delete records,
update certain fields, etc...
I can regulate these rules within my program, but what if the user runs
MSDE query for example on the DB and fetches the list of users &
passwords from the DB ?
In other words, I need to make sure only the application has access to
the DB. This seems like a common type of problem but I haven't been
able to find any solutions.
Any suggestions would be greatly appreciated.

Danny

Jul 23 '05 #2
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

1
MSDE 2000 Versions
by: izzy | last post by:
I was wondering if any of you guys can kindly help me in finding all the different versions of MSDE 2000 that came out since it's first release. I expected to find something similar like Sun's...
Microsoft SQL Server
1
Securing Databases From Porting
by: AMK | last post by:
I have a situation where I have an app that uses a sql server (msde) database. The app will be used in environments where no one should be able to manipulate the data except the developers (app...
Microsoft SQL Server
2
Converting database to MSDE
by: Rosy Moss | last post by:
I am in the process of cleaning up a database that our company uses to track jobs, time and expense, and customer information. We are running Windows 2000 Server with approximately 20 terminals...
Microsoft Access / VBA
7
csharp windows app and local database
by: DKode | last post by:
I will be making a windows app that will run on user's local machines. It will not be in a networked environment or anything like that which rules out SQL Server for the database. I am trying to...
C# / C Sharp
11
Securing hashing algorithm
by: Wm. Scott Miller | last post by:
Hello all! We are building applications here and have hashing algorithms to secure secrets (e.g passwords) by producing one way hashes. Now, I've read alot and I've followed most of the advice...
C# / C Sharp
1
Can't use 'local' to find sql server instances on local machine
by: karim | last post by:
My computer (connected to a domain) is having trouble connecting to the local MSDE when using 'local' or '(local)' as server name. The only way I can connect to server through Visual Studio or DTS...
ASP.NET
16
MS Access DB used by both a local App and .net Web App
by: JonnyD | last post by:
I am working on a project to build a reporting web app from an exsiting database that is controled by a local application. The application that has control over the database creates a lock file to...
ASP.NET
10
Local tables or linked local database?
by: Jim Devenish | last post by:
I have a split front end/back end system. However I create a number of local tables to carry out certain operations. There is a tendency for the front end to bloat so I have set 'compact on...
Microsoft Access / VBA
1
Cloud Servers without Credit Card and Email Registration: A Simpler Way to Get on the Cloud
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
General
0
Wordpress or something else?
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...
Content Management Systems
0
isladogs
Access Europe: Command bars, the Access Shortcut Tool and a simple Audit Log - Wed 3 April
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...
General
0
How to turn on java script in a villaon keypad mobile phone
by: Charles Arthur | last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
Java
0
Merging data from multiple Excel files
by: ryjfgjl | last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
Data Management
0
Migrating Website to Cloud - Emmanuel Katto
by: emmanuelkatto | last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel
General
0
BarryA
Navigating the Data Structures and Algorithms (DSA)
by: BarryA | last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
Algorithms / Advanced Math
1
Looking to do Android software development, any suggestions? Is flutter better?
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
General
1
Is that possible of reading the .csv file in column wise and the column have different lengths ?
by: Sonnysonu | last post by:
This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...
C / C++

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!