First SQL Database

  • Hi

    Apologies if this seems like a very basic question! I am new to SQL, having worked in Access for the last few years.

    I've set up a new SQL database by upsizing my Access database. I now need to connect to it from my web application; I'm planning to use a DSN string.

    My question is: do I need to set up a specific user account for my database so I can use this username and pw in my string? How would I go about doing this and what permissions would I need to set?

    Many thanks

  • I would create a low permission user (low means as few as possible), with Windows authentication.

    If you use a DSN entry, I'm not sure you can use NT authentication, so maybe you'll need to switch to a SQL user.

    Your question is quite generic, so with that little information this is the best I can do.

    Regards

    Gianluca

    -- Gianluca Sartori

  • First you will have to create a login and then grant access to the DB that the user will connect to. It can be a Windows user or SQL user depending on your choice of connection.

    Once that is done, give access to execute the stored procs that you have created.

    Those are the basic things that we can advise you on with the limited info you provided.

    -Roy

  • Your connection string can either have a specific username and password in it, or it can use integrated security (Windows security). I haven't set one up in a while, but I think it's something about "trusted connection=yes" or something like that.

    The disadvantage to including the username and password in the connection string is that this can then be captured pretty easily and used to hack your database. Of course, if it's connecting from a web server on your LAN to a database server on the same LAN, it's unlikely to be hacked that way. It's mainly an issue if the application will ever be used from a desktop machine.

    - Gus "GSquared", RSVP, OODA, MAP, NMVP, FAQ, SAT, SQL, DNA, RNA, UOI, IOU, AM, PM, AD, BC, BCE, USA, UN, CF, ROFL, LOL, ETC
    Property of The Thread

    "Nobody knows the age of the human race, but everyone agrees it's old enough to know better." - Anon

  • Hi

    Thanks for the help. I have set up a SQL user and granted access for that user to the database.

    I'm not sure what permissions I need to set for this user or how I give access to execute the stored procs, could you tell me how I would do this?

    Many thanks

  • Kerry,

    Are you going to use only stored procs from your app? If so then you can give permission to execute to each separate sp.

    Grant execute on STOREDPROCNAME to USERYOUCREATED

    -Roy

  • Hi

    Thanks very much for the help - it's all working now 🙂

  • Kerry,

    A couple things. First I edited the subject so as not to disclose your email. I'd be wary of that.

    Second, I'd create a role. Right click Roles, new role, and then GRANT permissions to the role. Add the user to the role and you'll be able to then "duplicate" the permissions with other users if needed.

  • OK thank you for the help - I didn't mean to put my email here but wasn't sure how to change it.

  • One thing not previously mentioned, which happens in our environment all the time. If you have procs constantly added to the database which the client needs to use and this database is solely dedicated to this one purpose alone, then you can grant execute on the schema instead of granting execute on individual procs.

    WARNING: Re-read the above caveats before using this code! It can create security issues if you grant it on the wrong database or grant it without knowing the consequences!

    Grant Execute on Schema::dbo to [MySQLLogin];

    Of course "dbo" would be replaced with the schema name and if you're using a Windows login, chances are "MySQLLogin" would be changed to "MyDomain\MyLogin".

    The great thing about this, if you have a dedicated environment, is you're not constantly running back and forth to grant permissions on new procs. On the other hand, as I said above, this can open up a whole can of security worms if you're not careful when and where you use it.

    Brandie Tarvin, MCITP Database Administrator
    LiveJournal Blog: http://brandietarvin.livejournal.com/
    On LinkedIn!, Google+, and Twitter.
    Freelance Writer: Shadowrun
    Latchkeys: Nevermore, Latchkeys: The Bootleg War, and Latchkeys: Roscoes in the Night are now available on Nook and Kindle.
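
The steps suggested across this thread (a low-permission SQL login, a role that holds the EXECUTE grants, and a check of what the user can actually do), put together as an added T-SQL example that is not code from any of the posters. Every name in it (WebAppDb, webapp_login, webapp_user, webapp_exec, dbo.Orders, dbo.usp_GetOrders) is a constructed placeholder, and `ALTER ROLE ... ADD MEMBER` assumes SQL Server 2012 or later.

```sql
-- Added example: all object, login and role names are constructed placeholders.
USE WebAppDb;   -- assumed to exist already
GO
-- Sample table and proc so the script is self-contained.
CREATE TABLE dbo.Orders (OrderId int PRIMARY KEY, Customer nvarchar(50));
GO
CREATE PROCEDURE dbo.usp_GetOrders AS
    SELECT OrderId, Customer FROM dbo.Orders;
GO
-- 1. Server-level login using SQL authentication, password policy enforced.
CREATE LOGIN webapp_login
    WITH PASSWORD = '<replace-with-strong-password>', CHECK_POLICY = ON;
GO
-- 2. Database user mapped to that login. It gets CONNECT and nothing else.
CREATE USER webapp_user FOR LOGIN webapp_login;
-- 3. Role that carries the permissions; grant per proc, not per user.
CREATE ROLE webapp_exec;
GRANT EXECUTE ON OBJECT::dbo.usp_GetOrders TO webapp_exec;
-- On versions before 2012: EXEC sp_addrolemember 'webapp_exec', 'webapp_user';
ALTER ROLE webapp_exec ADD MEMBER webapp_user;
GO
-- 4. Check effective permissions as the application user.
--    HAS_PERMS_BY_NAME returns 1 when the permission is held, 0 when not.
--    The second column shows whether the user can read the table directly,
--    bypassing the stored procedure.
EXECUTE AS USER = 'webapp_user';
SELECT HAS_PERMS_BY_NAME('dbo.usp_GetOrders', 'OBJECT', 'EXECUTE') AS can_exec_proc,
       HAS_PERMS_BY_NAME('dbo.Orders', 'OBJECT', 'SELECT')         AS can_select_table;
REVERT;
GO
-- 5. Audit every explicit grant held by the role and the user. A row with
--    class_desc = 'SCHEMA' means EXECUTE was granted schema-wide and covers
--    every current and future proc in that schema.
SELECT pr.name AS grantee,
       pe.class_desc,
       pe.permission_name,
       pe.state_desc,
       CASE pe.class
            WHEN 1 THEN OBJECT_NAME(pe.major_id)   -- object-level grant
            WHEN 3 THEN SCHEMA_NAME(pe.major_id)   -- schema-level grant
       END AS securable
FROM sys.database_permissions AS pe
JOIN sys.database_principals  AS pr
  ON pr.principal_id = pe.grantee_principal_id
WHERE pr.name IN ('webapp_exec', 'webapp_user');
```

Rerunning step 5 after any permission change gives a quick record of exactly what the web application's account can reach.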
