August 27, 2002 at 8:31 am
I have a database which has a Standard login. The app. accesses the db through a file dsn with the sql login /password in plain text. The folder where the dsn is, is also shared. Also, this account has fairly wide permissions, almost like a dbo. The users occassionally use this account to run some scripts and circumvent our policies.
I am trying to detect and not allow users who use this standard login from outside of the computer department. I cannot restrict the use of IP Address as rest of the network is on DHCP. Can somebody help me?? pareshmotiwala@yahoo.com
Paresh Motiwala Manager of Data Team, Big Data Enthusiast, ex DBA
August 27, 2002 at 8:47 am
If everyone is using this one login, you can't restrict based on user authentication. This really leaves you with IP. When you say everyone is on DHCP, is it one flat network (only one subnet)?
K. Brian Kelley
http://www.truthsolutions.com/
Author: Start to Finish Guide to SQL Server Performance Monitoring
http://www.netimpress.com/shop/product.asp?ProductID=NI-SQL1
K. Brian Kelley
@kbriankelley
August 27, 2002 at 8:53 am
Change the password often. Develop a plan to avoid having this be cumbersome.
Profile and audit your server. If you catch people, deal with it administratively.
This is a reason why shared accounts and well known passwords are a bad idea.
Steve Jones
August 29, 2002 at 11:16 am
We do have few different subnets. But there is no line drawn as to which belongs where.
but what if we do have different subnets?
Paresh Motiwala Manager of Data Team, Big Data Enthusiast, ex DBA
August 29, 2002 at 11:25 am
If you do have subnets, then ACLs can be used on the networking equipment to restrict.
K. Brian Kelley
http://www.truthsolutions.com/
Author: Start to Finish Guide to SQL Server Performance Monitoring
http://www.netimpress.com/shop/product.asp?ProductID=NI-SQL1
K. Brian Kelley
@kbriankelley
Viewing 5 posts - 1 through 5 (of 5 total)
You must be logged in to reply to this topic. Login to reply