Limiting applications

SQLServerCentral is supported by Red Gate Software Ltd.

Popular Topics

Home

Members

Calendar

Who's On

Home » SQL Server 2005 » Administering » Limiting applications - discussion

Limiting applications - discussion

Rate Topic

Display Mode

Topic Options

Author

Message

devereauxj

Posted Wednesday, April 01, 2009 2:10 PM

SSC Veteran

Group: General Forum Members
Last Login: Wednesday, June 06, 2012 6:49 AM
Points: 249, Visits: 140

For SQL Server 2005 and SQL Server 2008.

We found an enterprising user that made his own ODBC, used his OS/authentication that an existing application uses, and created his own access database application. No malicious intent, just trying to do things (he thought) better and faster.

Lets leave out "Don't allow ODBC's to be created" discussion.

Are there different methods so "MyApplication" with "domain\userFred" is the only way Fred has access to the database? The vendor application ONLY uses authenticated user access. Some users are explicitly listed in the database, others are in domain groups.

Also, any way to do this in sql 2000? SQL 2000 is not an issue right now, but could be.

Thanks,
Joseph

Post #688337

Jack Corbett

Posted Wednesday, April 01, 2009 2:23 PM

SSChampion

Group: General Forum Members
Last Login: Friday, May 17, 2013 12:22 PM
Points: 10,571, Visits: 11,871

IN 2005 and 2008 you could use a LOGON TRIGGER and check the application name, but be aware that this can be passed as part of the connection string so your real application can be spoofed.

I don't know of a way to do this in 2000.

Scenarios like this is why I don't believe in granting direct table access. If everything is done with SP's, Views, and UDF's then the users can't do this.

Jack Corbett

Applications Developer

Don't let the good be the enemy of the best. -- Paul Fleming

Check out these links on how to get faster and more accurate answers:
Forum Etiquette: How to post data/code on a forum to get the best help
Need an Answer? Actually, No ... You Need a Question
How to Post Performance Problems
Crosstabs and Pivots or How to turn rows into columns Part 1
Crosstabs and Pivots or How to turn rows into columns Part 2

Post #688353

JeremyE

Posted Wednesday, April 01, 2009 3:26 PM

SSCrazy

Group: General Forum Members
Last Login: Yesterday @ 10:16 AM
Points: 2,393, Visits: 2,661

In SQL 2000 you could write a script using sp_who2 and create a job to run every min and kill connections where ProgramName like 'Microsoft Office%'. That's a pretty hokey way to do things.

In 2008 you can use resource governor to limit CPU and memory by application and limit Microsoft Office to 1% of each so they can't hog resources. This of course doesn't keep them from using MS Access.

Just throwing out a couple ideas.

Post #688417

LutzM

Posted Wednesday, April 01, 2009 3:34 PM

SSCertifiable

Group: General Forum Members
Last Login: Wednesday, April 24, 2013 3:17 PM
Points: 6,731, Visits: 12,131

Did you look into application roles?

Brian Kelley's article below pretty much describes your scenario. Maybe it's an option, even with all the con's...
http://www.sqlservercentral.com/articles/Security/sqlserversecurityprosandconsofapplicationroles/1116/

Lutz
A pessimist is an optimist with experience.

How to get fast answers to your question
How to post performance related questions
Links for Tally Table , Cross Tabs and Dynamic Cross Tabs , Delimited Split Function

Post #688426

« Prev Topic | Next Topic »

Permissions