Message
From
12/08/2002 15:48:37
 
 
To
12/08/2002 13:02:55
General information
Forum: Microsoft SQL Server
Category: Security
Miscellaneous
Thread ID: 00688124
Message ID: 00688818
Views: 40
>My recommendation would be, for a web app, since the users never actually connect to the database, to use a single SQL Login (SQL Server or NT server doesn't matter) which has db_owner access to the data (or SPs) and control the user login/security at the application level.
>
>Bob

I'm going to strongly disagree with you here Bob<s>. IMO, the user that the application uses should not be a member of the db_owner database role. It should have EXECUTE permission to the procs and the procs should be owned by dbo.

Security by Least Privilege

-Mike
Michael Levy
MCSD, MCDBA
ma_levy@hotmail.com
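
The setup recommended in the reply above, written out in T-SQL as an added example (not code from either poster). The database, table, procedure and user names are hypothetical, and it uses current SQL Server syntax rather than the 2002-era system procedures. It shows the db_owner grant beside the EXECUTE-only grant and then checks the effective permissions.

```sql
-- Hypothetical names throughout: LeastPrivDemo, dbo.Orders,
-- dbo.usp_GetOrdersForCustomer, web_app. Run in a scratch instance.
CREATE DATABASE LeastPrivDemo;
GO
USE LeastPrivDemo;
GO

CREATE TABLE dbo.Orders (
    OrderId    int IDENTITY PRIMARY KEY,
    CustomerId int   NOT NULL,
    Total      money NOT NULL
);
INSERT INTO dbo.Orders (CustomerId, Total) VALUES (1, 19.99), (2, 5.00);  -- constructed rows
GO

-- The procedure and the table share one owner (dbo), so ownership chaining
-- lets a caller run the procedure without any permission on dbo.Orders.
CREATE PROCEDURE dbo.usp_GetOrdersForCustomer
    @CustomerId int
AS
BEGIN
    SET NOCOUNT ON;
    SELECT OrderId, Total FROM dbo.Orders WHERE CustomerId = @CustomerId;
END;
GO

-- Application account. WITHOUT LOGIN keeps the demo self-contained;
-- a real deployment would use CREATE USER ... FOR LOGIN.
CREATE USER web_app WITHOUT LOGIN;

-- Over-privileged setup (left commented out): full control of the database,
-- including DROP TABLE and granting rights to other principals.
-- ALTER ROLE db_owner ADD MEMBER web_app;

-- Least-privilege setup: EXECUTE on the procedure and nothing else.
GRANT EXECUTE ON OBJECT::dbo.usp_GetOrdersForCustomer TO web_app;
GO

-- Check what the application account can actually do.
EXECUTE AS USER = 'web_app';
EXEC dbo.usp_GetOrdersForCustomer @CustomerId = 1;                     -- returns the customer's rows
SELECT HAS_PERMS_BY_NAME('dbo.Orders', 'OBJECT', 'SELECT') AS can_select,  -- 0
       HAS_PERMS_BY_NAME('dbo.Orders', 'OBJECT', 'DELETE') AS can_delete;  -- 0
REVERT;

-- Audit check: the account must not be a member of db_owner.
SELECT IS_ROLEMEMBER('db_owner', 'web_app') AS is_db_owner;            -- 0
GO
```

If the application's connection is ever abused, for example through SQL injection, the account can only call the procedures it was granted and cannot read or modify tables directly.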