Locking down SQL Server FAQ

Last Post 25 Sep 2011 08:47 AM by rm. 1 Replies.
New Member

24 Sep 2011 03:20 PM
Database open to all in the organisation.

Database accessed via a PC application (written using Visual C++ 2008) which only ever uses sprocs to communicate to the database.

A dedicated username/password has been created for the database usage. This username/password is built into the application (so everyone will be using the same user/pass). Each person having their own account is not desirable. Not the best solution, but at least the username/password is not seen in the application in plain text (although no doubt it can be seen in memory as such and transmitted along the network).

This account only has CONNECT and EXECUTE privileges to appropriate tables in the single database.

No dynamic SQL is used in any sproc.

All sproc usage is logged with the IP of the client PC, date, time, command, etc.

Only the SQLSERVER port is open.

For any typical employee, the physical server is behind at least 3 locked doors (directors: behind one locked door; CEO: none).

Anything I've missed?

New Member

25 Sep 2011 08:47 AM
You may like to use an application role instead; that way users can't access the db outside of the app even if they know the id/pwd.
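Added example, not part of the thread: a T-SQL sketch of the application-role setup suggested in the reply, with a query to check what the shared account can still do on its own. The names `AppDb`, `app_user`, `app_exec_role` and `dbo.SomeProc`, the password placeholder, and the assumption that EXECUTE was originally granted to the user at schema level are all hypothetical.

```sql
-- Constructed names and placeholder password; adjust to the real database.
USE AppDb;
GO

-- 1. Move EXECUTE off the shared user so the login alone can only connect.
--    Assumes EXECUTE had been granted to app_user at schema level.
REVOKE EXECUTE ON SCHEMA::dbo FROM app_user;

-- 2. The application role now carries the permission to run the sprocs.
CREATE APPLICATION ROLE app_exec_role
    WITH PASSWORD = '<role-password-placeholder>',
         DEFAULT_SCHEMA = dbo;
GRANT EXECUTE ON SCHEMA::dbo TO app_exec_role;
GO

-- 3. What the application runs right after opening its connection.
DECLARE @cookie varbinary(8000);
EXEC sys.sp_setapprole
     @rolename      = 'app_exec_role',
     @password      = '<role-password-placeholder>',
     @fCreateCookie = true,
     @cookie        = @cookie OUTPUT;

EXEC dbo.SomeProc;                 -- runs with the role's permissions

EXEC sys.sp_unsetapprole @cookie;  -- revert before the connection is reused
GO

-- 4. Check: permissions held directly by the shared user.
--    Expected result after step 1: a single CONNECT row.
SELECT pr.name, pe.class_desc, pe.permission_name, pe.state_desc
FROM sys.database_permissions AS pe
JOIN sys.database_principals  AS pr
     ON pr.principal_id = pe.grantee_principal_id
WHERE pr.name = 'app_user';
```

The role password is still a secret the application has to hold, so it needs the same protection as the embedded login credentials.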
