Application Security

  • I have my application in development as of now and want to move it to production. Right now I have a DB role AppDevelopers which has the db_owner role. When I move my application to production, which end users will be using, how do I need to act on security?

    Do I need to create a new AppUser role which has only the db_datareader role, and add all the end user IDs to it?

  • It depends.

    Do you want to create the possibility for your users to access your SQL Server using only your application, or also using e.g. Excel or Access?

    If you create a db-role "application" (and add your Windows users to it) and you grant this role the permission to read/write all objects and to use all stored procedures and functions, the effect will be the same as granting every single user these rights.

    On the other hand, if you use application roles, then your users will only need public rights (login) to your database. Then the users will only be able to access the data, unless you grant everything to public!

    Also this way, a user will only act as an application user, with the appropriate set of rights, when using your application.

    Check out application roles in Books Online.

    Keep in mind that using application roles will have you shut down connection pooling at client level!

    When you create a SQL Server user which you will use in your connection string (encrypted ini file?), then of course your Windows users will not have to be granted login to your server.

    Also test your application using the "new" security level (least privilege)!


    Johan

    Learn to play, play to learn !

    Dont drive faster than your guardian angel can fly ...
    but keeping both feet on the ground wont get you anywhere :w00t:

    - How to post Performance Problems
    - How to post data/code to get the best help

    - How to prevent a sore throat after hours of presenting ppt

    press F1 for solution, press shift+F1 for urgent solution 😀

    Need a bit of Powershell? How about this

    Who am I ? Sometimes this is me but most of the time this is me
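The two alternatives Johan describes (a normal database role that grants Windows users read rights from any client, versus an application role that only holds rights while the application has activated it) side by side in T-SQL. This is an added example, not code from the thread; the database name MyDb, the role names AppUsers and MyAppRole, the Windows login DOMAIN\alice and the password placeholder are all assumptions.

```sql
-- Added example, not from the original thread. MyDb, AppUsers, MyAppRole,
-- DOMAIN\alice and the password value are assumed names/placeholders.
USE MyDb;
GO

-- Option 1: an ordinary database role with least privilege.
-- Members get db_datareader instead of db_owner, but they hold these rights
-- from ANY client that can log in (Excel, Access, SSMS), not just the app.
CREATE ROLE AppUsers;
ALTER ROLE db_datareader ADD MEMBER AppUsers;      -- read-only data access
GRANT EXECUTE ON SCHEMA::dbo TO AppUsers;          -- only if the app calls procedures
CREATE USER [DOMAIN\alice] FOR LOGIN [DOMAIN\alice];
ALTER ROLE AppUsers ADD MEMBER [DOMAIN\alice];
GO

-- Option 2: an application role.
-- The Windows user is mapped into the database with only public rights; the
-- data rights belong to the application role and apply to a session only
-- after the application activates the role with its password.
CREATE APPLICATION ROLE MyAppRole
    WITH PASSWORD = N'<strong-password-stored-in-encrypted-app-config>',
         DEFAULT_SCHEMA = dbo;
GRANT SELECT ON SCHEMA::dbo TO MyAppRole;          -- what the app may read
GRANT EXECUTE ON SCHEMA::dbo TO MyAppRole;         -- procedures the app may call
CREATE USER [DOMAIN\bob] FOR LOGIN [DOMAIN\bob];   -- public only, no role membership
GO

-- What the application runs on its own connection (not the end user):
DECLARE @cookie varbinary(8000);

EXEC sp_setapprole
    @rolename      = 'MyAppRole',
    @password      = N'<strong-password-stored-in-encrypted-app-config>',
    @fCreateCookie = 1,
    @cookie        = @cookie OUTPUT;

-- Check: the session now acts as the application role, not as the Windows user.
SELECT USER_NAME() AS acting_as;                   -- returns MyAppRole

-- ... application queries here, limited to MyAppRole's grants ...

-- Revert to the original security context before the connection is reused.
EXEC sp_unsetapprole @cookie;
SELECT USER_NAME() AS acting_as;                   -- back to DOMAIN\bob
GO
```

The connection pooling point in the answer is about activation being session-scoped: a pooled connection handed back with the application role still active would carry the role's rights to the next caller. Turning pooling off is one fix; the cookie returned by sp_setapprole and the matching sp_unsetapprole call shown above are the built-in way to drop back to the user's own context before the connection returns to the pool.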
