Greetings:
If SQL 2000 is configured only to accept Windows authentication, how
do I prevent end-users from connecting to SQL with unauthorized
applications (such as Enterprise Manager)?
I know it's possible to check (although a clever programmer can easily
fool) the calling application name, but to do so within every stored
proc would be onerous.
This has been a head scratcher in our effort to shut off SQL
authentication and removing stored credentials, so all help is
appreciated.
Thanks much
d.Unfortunately, there is nothing within the SQL 2000 product to block
connections/access to objects based upon the application you're using.
You could restrict access to specific machines using IPSec or Firewall
rules etc. So, this could work if you were developing a Web based
application, such that only the IIS machine had permission to connect to
SQL.
Thanks,
Kevin McDonnell
Microsoft Corporation
This posting is provided AS IS with no warranties, and confers no rights.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment