How to secure a database ...?

I am writing an application which I will deploy to my clients. It is
important for security, support, IP reasons etc, that the users are not
able to access my database schema (i.e. view/modify/run procs etc).

What do I have to do to ensure that users will not be able to access my
database?

Also, I am thinking of installing SSE as a separate instance with a
unique name - the idea being that it keeps my database away from any
that may exist on the client's machine - and thus provides extra
security. Is this a safer alternative than installing SSE under the
default SQLServer instance name?
Jun 27 '08 #1
Annonymous Coward (me@home.com) writes:
> I am writing an application which I will deploy to my clients. It is
> important for security, support, IP reasons etc, that the users are not
> able to access my database schema (i.e. view/modify/run procs etc).
>
> What do I have to do to ensure that users will not be able to access my
> database?

It's a little unclear what you mean here. Someone must be able to access
the database, or else the database will not be very useful. In any case,
you can never prevent a user with admin rights in Windows from stopping
the SQL Server service and attaching the database to another instance.
But obviously when it comes to normal users, you can of course keep them
out by not granting them access to the database. That assumes that
they have no need to access your application.

If your question is how to prevent them from accessing the database from
outside your application, there are a couple of options, but keep in
mind that you can never lock out an admin. And all these options require
that you stick to a certain architecture of your application.

1) Put all logic in stored procedures, so if a user runs a stored procedure
from a query window, nothing evil will happen. That is, the procedure
should perform all security checks needed.

2) Use an application role. This solution requires a middle tier on a
separate machine to be secure. If you do this with a two-tier solution,
you need to store the password in the client tier, and obviously it
can be found, even if you hide it. On a middle tier, you can store
the password in a place where users do not have access.

3) Use a proxy login. Again, this solution requires a middle tier to
be safe. The middle tier authenticates the users, and then logs into
the application with its own login. The users do not need to have
logins in SQL Server.

> Also, I am thinking of installing SSE as a separate instance with a
> unique name - the idea being that it keeps my database away from any
> that may exist on the client's machine - and thus provides extra
> security. Is this a safer alternative than installing SSE under the
> default SQLServer instance name?

I think you should give the person who installs your application the choice
of installing a new instance, or reusing an existing instance. I think
most users would prefer the latter. I would also suggest that this is
a more secure solution for the users, since it reduces their surface
area.
--
Erland Sommarskog, SQL Server MVP, es****@sommarskog.se

Books Online for SQL Server 2005 at
http://www.microsoft.com/technet/pro...ads/books.mspx
Books Online for SQL Server 2000 at
http://www.microsoft.com/sql/prodinf...ons/books.mspx
Jun 27 '08 #2
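
Options 1 and 2 from the reply above, sketched in T-SQL as an added example that is not part of the original thread. The database, table, procedure and role names are assumptions, and the password is a placeholder.

```sql
-- Added example. Assumed names: AppDb, dbo.Orders, dbo.GetMyOrders,
-- app_users, app_runtime. The password is a placeholder to replace.
USE AppDb;
GO
CREATE TABLE dbo.Orders (
    OrderId   int IDENTITY PRIMARY KEY,
    OwnerName sysname NOT NULL,
    Amount    money   NOT NULL
);
GO
-- Option 1: the procedure carries the security check itself, so running it
-- from a query window returns nothing the application would not return.
CREATE PROCEDURE dbo.GetMyOrders
AS
BEGIN
    SET NOCOUNT ON;
    SELECT OrderId, Amount
    FROM dbo.Orders
    WHERE OwnerName = ORIGINAL_LOGIN();  -- only rows recorded for this login
END;
GO
-- Users get EXECUTE on the procedure and nothing on the table. Both objects
-- are owned by dbo, so ownership chaining lets the procedure read the table
-- while a direct SELECT on dbo.Orders by a role member is refused.
CREATE ROLE app_users;
GRANT EXECUTE ON dbo.GetMyOrders TO app_users;
GO
-- Option 2 (alternative to the GRANT above): users keep only the right to
-- connect; permissions go to an application role the application activates.
CREATE APPLICATION ROLE app_runtime
    WITH PASSWORD = 'Replace-Me-At-Deploy-1!';  -- placeholder
GRANT EXECUTE ON dbo.GetMyOrders TO app_runtime;
GO
-- Run by the middle tier on each connection. The password is read from
-- storage on the middle-tier machine, never shipped in the client.
DECLARE @cookie varbinary(8000);
EXEC sp_setapprole @rolename = 'app_runtime',
                   @password = 'Replace-Me-At-Deploy-1!',
                   @fCreateCookie = true,
                   @cookie = @cookie OUTPUT;
EXEC dbo.GetMyOrders;            -- runs with app_runtime's permissions
EXEC sp_unsetapprole @cookie;    -- revert before the connection is reused
```

Neither setup restricts a Windows administrator on the machine, which is the limit the reply points out.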