I've read many incomplete opinions about the "Best Practice" for securely
accessing SQL but what I really need to find the "Best Practice" that fits my
applications needs.
Currently (alpha stage) I am Using a .Net DSN-Less SQLConnection method in
my client program (vb.net) and sending uid/pwd across the network. The
client only
calls upon the stored procedures to access the tables in SQL 2005.
This is a semi commercial application which will be installed by 3rd party
on an active directory networks. The database will house mostly encrypted
information so I want to keep people, from messing with it.
Any ideas on how I should tackle this?
------------------------------------------------------------------------
I've been reading alot and not liking what I'm seeing so far.
I can tell right away that I'm going to have to use a trusted connection and
add users to the database. Which in return allows them to logon to the server
(GRRR) using the management studio. Doing that means they can play with the
SP's, using them to not only read but write to all that the SP has access to.
Plus they can see other users and look at any account I might be using to
"EXECUTE AS" and use that to their advantage.
There are only two ways that I can figure out to secure my DB from tampering.
First way:
1. Create a master SP that has the rights to execute the existing app SPs.
2. Give my users access to just the master SP.
3. In my program instead of executing the SPs directly i would have to
encrypt the target sp and params and pass them to the master SP.
4. The master SP would then decrypt and forward on to the right app SP.
Second Way:
1. Implement a required parameter in each SP that can be used to verified
that my application sent the request and not someone jacking with a query
analyzer.
I'm not looking to stop the elite hacker here but I am trying to keep my
customers information safe from the SQL savvy users who are not DBA's.
9  6250 
On Nov 7, 5:31 pm, Ammer <Am...@discussi ons.microsoft.c omwrote:
I've read many incomplete opinions about the "Best Practice" for securely
accessing SQL but what I really need to find the "Best Practice" that fits my
applications needs.
Currently (alpha stage) I am Using a .Net DSN-Less SQLConnection method in
my client program (vb.net) and sending uid/pwd across the network. The
client only
calls upon the stored procedures to access the tables in SQL 2005.
This is a semi commercial application which will be installed by 3rd party
on an active directory networks. The database will house mostly encrypted
information so I want to keep people, from messing with it.
Any ideas on how I should tackle this?
------------------------------------------------------------------------
I've been reading alot and not liking what I'm seeing so far.
I can tell right away that I'm going to have to use a trusted connection and
add users to the database. Which in return allows them to logon to the server
(GRRR) using the management studio. Doing that means they can play with the
SP's, using them to not only read but write to all that the SP has access to.
Plus they can see other users and look at any account I might be using to
"EXECUTE AS" and use that to their advantage.
There are only two ways that I can figure out to secure my DB from tampering.
First way:
1. Create a master SP that has the rights to execute the existing app SPs.
2. Give my users access to just the master SP.
3. In my program instead of executing the SPs directly i would have to
encrypt the target sp and params and pass them to the master SP.
4. The master SP would then decrypt and forward on to the right app SP.
Second Way:
1. Implement a required parameter in each SP that can be used to verified
that my application sent the request and not someone jacking with a query
analyzer.
I'm not looking to stop the elite hacker here but I am trying to keep my
customers information safe from the SQL savvy users who are not DBA's.
Adding user does not mean that they have to have full access. You can
grant the user's access to just the schema's that you want, as well as
limit what they can do with your database objects.
--
Tom Shelton
Adding user does not mean that they have to have full access. You can
grant the user's access to just the schema's that you want, as well as
limit what they can do with your database objects.
I understand that but if I lock all users down to the SP execute they can
still login tamper with the SP in SQL Manager and see the other accounts i
use to "Execute As"
Ammer,
There is no "Best Practice" in .Net, you can use *your* Best Practice based
on the problems that you have.
If there is "Best Practise", then there is no alternative.
Cor
Ammer wrote:
>Adding user does not mean that they have to have full access. You can
grant the user's access to just the schema's that you want, as well as
limit what they can do with your database objects.
I understand that but if I lock all users down to the SP execute they can
still login tamper with the SP in SQL Manager and see the other accounts i
use to "Execute As"
What do you mean "login tamper" with an SP?
If you only give users Execute permissions on stored procedures and no
other permissions, I don't really see what they can do to break things.
Yes, they may be able to see other accounts, but I assume they won't
have passwords to those accounts, so I think it's a moot point.
From Books Online:
"ALTER PROCEDURE permissions default to members of the sysadmin fixed
server role, and the db_owner and db_ddladmin fixed database roles, and
the owner of the procedure, and are not transferable."
So they will not be able to alter your stored procedures...
Not sure if any of that helps - I feel I've misunderstood your question,
but I'm not sure where!!
Cheers,
RB.
Very helpfull thanks. 8)
"Cor Ligthert[MVP]" wrote:
Ammer,
There is no "Best Practice" in .Net, you can use *your* Best Practice based
on the problems that you have.
If there is "Best Practise", then there is no alternative.
Cor
By tamper I mean. Bypass the security built into the end client by using the
SP to run select and update statments at will. I don't think its a moot point
though. Its the data people want to protect not so much the passwords.
What do you mean "login tamper" with an SP?
If you only give users Execute permissions on stored procedures and no
other permissions, I don't really see what they can do to break things.
Yes, they may be able to see other accounts, but I assume they won't
have passwords to those accounts, so I think it's a moot point.
From Books Online:
"ALTER PROCEDURE permissions default to members of the sysadmin fixed
server role, and the db_owner and db_ddladmin fixed database roles, and
the owner of the procedure, and are not transferable."
So they will not be able to alter your stored procedures...
Not sure if any of that helps - I feel I've misunderstood your question,
but I'm not sure where!!
Cheers,
RB.
This is a repeat, but I'll add some extra info:
What I suggest is:
Use Sql Authentication
Create a login/db user.
Give this user the most anal, most restrictive permissions possible. Aka,
only what they bare bones need.
And encrypt the .config file.
Using the enterpriselibra ry.data is suggested: http://msdn.microsoft.com/msdnmag/is...07/DataPoints/
because they have "how to encrypt" done for you very nicely.
............
If they don't have nt_autheniticat ion, then they can't do anything based on
their nt credentials. (Which is your primary concern)
If you encrypt the config files, they can't use sql authentication
credentials to get in, because they don't know them.
...
Good luck.
"Ammer" <Am***@discussi ons.microsoft.c omwrote in message
news:E0******** *************** ***********@mic rosoft.com...
I've read many incomplete opinions about the "Best Practice" for securely
accessing SQL but what I really need to find the "Best Practice" that fits
my
applications needs.
Currently (alpha stage) I am Using a .Net DSN-Less SQLConnection method in
my client program (vb.net) and sending uid/pwd across the network. The
client only
calls upon the stored procedures to access the tables in SQL 2005.
This is a semi commercial application which will be installed by 3rd party
on an active directory networks. The database will house mostly encrypted
information so I want to keep people, from messing with it.
Any ideas on how I should tackle this?
------------------------------------------------------------------------
I've been reading alot and not liking what I'm seeing so far.
I can tell right away that I'm going to have to use a trusted connection
and
add users to the database. Which in return allows them to logon to the
server
(GRRR) using the management studio. Doing that means they can play with
the
SP's, using them to not only read but write to all that the SP has access
to.
Plus they can see other users and look at any account I might be using to
"EXECUTE AS" and use that to their advantage.
There are only two ways that I can figure out to secure my DB from
tampering.
First way:
1. Create a master SP that has the rights to execute the existing app SPs.
2. Give my users access to just the master SP.
3. In my program instead of executing the SPs directly i would have to
encrypt the target sp and params and pass them to the master SP.
4. The master SP would then decrypt and forward on to the right app SP.
Second Way:
1. Implement a required parameter in each SP that can be used to verified
that my application sent the request and not someone jacking with a query
analyzer.
I'm not looking to stop the elite hacker here but I am trying to keep my
customers information safe from the SQL savvy users who are not DBA's.
He is saying that there is not 1 (singular) "best" practice.
There are several options, and you gotta pick based on your needs.
Which he is correct.
The best way to state the problem is:
"I'm looking for the best solution that meets these particuliar needs". "Do
you have any suggestions?"
.............
"Ammer" <Am***@discussi ons.microsoft.c omwrote in message
news:74******** *************** ***********@mic rosoft.com...
Very helpfull thanks. 8)
"Cor Ligthert[MVP]" wrote:
>Ammer,
There is no "Best Practice" in .Net, you can use *your* Best Practice
based
on the problems that you have.
If there is "Best Practise", then there is no alternative.
Cor
Hi Ammer,
Okay, I think my original understanding was basically correct.
Users will not be able to bypass the security built into the end client
by using the SP to run select and update statements at will, because
they cannot alter the stored procedures (as you would not have added
them to a group which can alter procedures).
They will be able to execute the existing SPs however, thus bypassing
any front-end validation your client application does. If this is your
concern then I guess you'll have to employ one of the methods you
outlined earlier.
Sorry that's not much help!!
Cheers,
RB.
Ammer wrote:
By tamper I mean. Bypass the security built into the end client by using the
SP to run select and update statments at will. I don't think its a moot point
though. Its the data people want to protect not so much the passwords.
>What do you mean "login tamper" with an SP?
If you only give users Execute permissions on stored procedures and no
other permissions, I don't really see what they can do to break things.
Yes, they may be able to see other accounts, but I assume they won't
have passwords to those accounts, so I think it's a moot point.
From Books Online:
"ALTER PROCEDURE permissions default to members of the sysadmin fixed
server role, and the db_owner and db_ddladmin fixed database roles, and
the owner of the procedure, and are not transferable."
So they will not be able to alter your stored procedures...
Not sure if any of that helps - I feel I've misunderstood your question,
but I'm not sure where!!
Cheers,
RB.
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: Wm |
last post by:
As an amateur wannabe-pro programmer, I am trying to learn not only how to
use PHP but how to do it *efficiently*. (Trust me, you don't wanna see some
of my stuff!!!) I'm noticing a number of my pages have a mixture of HTML
and PHP, very interspersed. Example: A form with 20 fields where I echo a
variable in each field to show existing data. My question is really about
the best practice to do this, as I have seen some interesting use of...
|
by: Aaron Davies |
last post by:
I'm developing a collaborative whiteboard, in which all objects
(shapes, clip art icons, etc.) are synchronized between all
participants in a session. It's working well, but I'm running into a
problem: if two people try to drag the same object at the same time,
nothing prevents them from doing so, and whichever one them lets go
first will have his move be the one that takes effect. (The other
person's client will probably crash at the...
|
by: Svein Erik Storkaas |
last post by:
I am about to add security to a web project for the first time, and i'm
wondering what the easiest, yet a good way to do this?
The page is just for personal use, so it does not need to be "ultra" secure.
Is it ok just to store 'usrName' and 'psWrd' in an Access db, and manage it
from there? If so, how do i control if the user really IS authorized on all
the 'protected' pages?
Thanks!
|
by: Achim Domma |
last post by:
Hi,
I have to convert a string to its "best possible" ascii representation.
It's clear to me that this is not possible or sense full for all unicode
characters. But for most European characters it should be possible.
For example:
"Müller" should become "Muller" and "é" should become "e".
|
by: elias.farah |
last post by:
Hello Everyone,
I'm having some very weird behavior on a couple of Access forms. (Not
all forms, just some of them).
The forms have been working for years, under Access XP/2003 etc, and
last week upgraded from Windows XP/Office 2003 to Vista x64/Office
2007.
Under Access 2007, a couple of forms are now taking 60 seconds to
| | |
by: hotflash |
last post by:
Hi All,
I found the best pure ASP code to upload a file to either server and/or MS Access Database. It works fine for me however, there is one thing that I don't like and have tried to fix but don't have any luck is to do a form validation. This script requires the files: db-file-to-disk.asp and _upload.asp. There is a DESCRIPTION field in the db-file-to-disk.asp file, what I want to do is the user has to field out this fied before...
|
by: Suganya |
last post by:
The young golfer from Wales believes "Discipline is definitely learned
and gets better with practice."
Doctors and scientists said that breaking the four-minute mile was
impossible, that one would die in the attempt. Thus, when I got up
from the track after collapsing at the finish line, I figured I was
dead.
http://shenrilaa.googlepages.com/
|
by: Haitashi |
last post by:
I have a database that currently contains different albums. The way I had the database was that there is a "description" field in which I placed all the songs. When I access my site I see in information of a CD and a paragraph that contains all the data I put in the "description" field. I am thinking of adding an "advanced search" feature to the site where the user can select Artist or Song Title. However, how can I ensure that it looks into...
|
by: =?ISO-8859-1?Q?Andr=E9?= |
last post by:
Hi everyone,
I'd be interested in hearing suggestions as to the "best" way to drive
a Python program step by step from another application.
Details:
---------
I have implemented a "Robot" that can be programmed by a user to
perform certain actions. (see Reeborg below for a simple javascript-
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
| | |
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
| | |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |
