Message
From
12/08/2002 15:48:37

To
12/08/2002 13:02:55
General information
Forum: Microsoft SQL Server
Category: Security
Miscellaneous
Thread ID: 00688124
Message ID: 00688818
Views: 41
>My recommendation would be, for a web app, since the users never actually connect to the database, to use a single SQL Login (SQL server or NT server doesn't matter) which has db_owner access to the data (or SPs) and control the user login/security at the application level.
>
>Bob

I'm going to strongly disagree with you here Bob<s>. IMO, the user that the application uses should not be a member of the db_owner database role. It should have EXECUTE permission to the procs and the procs should be owned by dbo.

Security by Least Privilege

-Mike
Michael Levy
MCSD, MCDBA
ma_levy@hotmail.com
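
The two setups discussed in this thread, side by side, as an added T-SQL example that is not part of either post. It assumes SQL Server 2005 or later syntax; `AppDb`, `WebAppUser`, `web_app_exec`, `dbo.Orders` and `dbo.usp_GetOrdersForCustomer` are hypothetical names, and the final query checks that the application user can run the procedure without any direct right on the table.

```sql
-- Constructed example: all object names below are hypothetical.
USE AppDb;
GO

-- Table and procedure are both owned by dbo, so access made through the
-- procedure is covered by ownership chaining.
CREATE TABLE dbo.Orders (
    OrderId    int IDENTITY PRIMARY KEY,
    CustomerId int   NOT NULL,
    Total      money NOT NULL
);
GO

CREATE PROCEDURE dbo.usp_GetOrdersForCustomer
    @CustomerId int
AS
BEGIN
    SET NOCOUNT ON;
    SELECT OrderId, Total
    FROM dbo.Orders
    WHERE CustomerId = @CustomerId;
END;
GO

-- Demo principal. In a real deployment this would be
-- CREATE USER ... FOR LOGIN <the application's login>.
CREATE USER WebAppUser WITHOUT LOGIN;
GO

-- Setup from the quoted recommendation, left commented out for comparison:
-- the application account would gain every right in the database.
-- EXEC sp_addrolemember 'db_owner', 'WebAppUser';

-- Least-privilege setup: a role that can only execute the procedure.
CREATE ROLE web_app_exec;
EXEC sp_addrolemember 'web_app_exec', 'WebAppUser';
GRANT EXECUTE ON OBJECT::dbo.usp_GetOrdersForCustomer TO web_app_exec;
GO

-- Check the effective rights while impersonating the application user.
EXECUTE AS USER = 'WebAppUser';
SELECT
    IS_MEMBER('db_owner')                                                  AS is_db_owner,
    HAS_PERMS_BY_NAME('dbo.Orders', 'OBJECT', 'SELECT')                    AS can_select_table,
    HAS_PERMS_BY_NAME('dbo.usp_GetOrdersForCustomer', 'OBJECT', 'EXECUTE') AS can_exec_proc;
EXEC dbo.usp_GetOrdersForCustomer @CustomerId = 1;
REVERT;
```

Ownership chaining does not extend to dynamic SQL run inside a procedure, so a procedure that builds and executes a query string would need table permissions granted to the caller and loses this separation.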