Vulnerable Security with Access

Post by BobbyRonso » Fri, 06 Oct 2000 04:00:00



Hi,
We have client/server applications using SQL Server and VB. The users
connect to the database using the application. However, any smart user
can just create an ODBC and link the tables in the SQL Server using a
simple tool like Access and make changes to the data directly.
I have explored the possibility of using Application roles but I don't
like it so much. Is there a better way to prevent such kind of access in
SQL Server 7.0?
Jesbin
 
 
 


Vulnerable Security with Access

Post by Stairmasterkin » Fri, 06 Oct 2000 04:00:00


In the future, have the applications coded so that all updates are done
via stored procedures. This way, the user id will not have insert,
update or delete authority on base tables. They will only require
execute permission on the stored procedures used for updating.

As an extra measure of security, encrypt all stored procedures with the
ENCRYPT option. It will encrypt the text of the sp in the syscomments
entry containing the text of the CREATE PROCEDURE statement so that
even savvy users will not be able to view the sp and make use of it via
an ODBC tool.

Bobby

In article


> Hi,
> We have client/server applications using SQL Server and VB. The users
> connect to the database using the application. However, any smart user
> can just create an ODBC and link the tables in the SQL Server using a
> simple tool like Access and make changes to the data directly.
> I have explored the possibility of using Application roles but I don't
> like it so much. Is there a better way to prevent such kind of access in
> SQL Server 7.0?
> Jesbin

 
 
 

Vulnerable Security with Access

Post by mary chipma » Fri, 06 Oct 2000 04:00:00


You should look at application roles again. If you use a single ADO
Connection object, you can activate the application role for the
duration of the connection. This allows you to revoke all permissions
to the public role (and guest user, if any), granting permissions only
to the application role. Someone trying to connect without the
application role will hit a dead end -- no permissions on the tables.


>Hi,
>We have client/server applications using SQL Server and VB. The users
>connect to the database using the application. However, any smart user
>can just create an ODBC and link the tables in the SQL Server using a
>simple tool like Access and make changes to the data directly.
>I have explored the possibility of using Application roles but I don't
>like it so much. Is there a better way to prevent such kind of access in
>SQL Server 7.0?
>Jesbin
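
The permission layout that the two replies above describe (writes only through stored procedures, and rights attached to an application role), as an added T-SQL example that is not code from any poster in this thread. The table, procedure and role names and the password placeholder are assumptions made for illustration.

```sql
-- Constructed schema: dbo.Orders, usp_SetOrderStatus, OrderEntryUsers and
-- OrderEntryApp are hypothetical names; run in the application database.
CREATE TABLE dbo.Orders (
    OrderID int         NOT NULL PRIMARY KEY,
    Status  varchar(20) NOT NULL
)
GO

-- All writes go through a procedure that validates its input.
-- WITH ENCRYPTION only hides the text in syscomments; the permissions
-- below are what stop a linked Access table from changing rows.
CREATE PROCEDURE dbo.usp_SetOrderStatus
    @OrderID int,
    @Status  varchar(20)
WITH ENCRYPTION
AS
    IF @Status NOT IN ('open', 'shipped', 'cancelled')
    BEGIN
        RAISERROR('Invalid order status.', 16, 1)
        RETURN 1
    END
    UPDATE dbo.Orders SET Status = @Status WHERE OrderID = @OrderID
    RETURN 0
GO

-- Nobody inherits table rights through public.
REVOKE ALL ON dbo.Orders FROM public
GO

-- Option A (stored procedures only): users may execute, nothing else.
-- The table and the procedure are both owned by dbo, so the UPDATE inside
-- the procedure succeeds without any table permission for the caller.
EXEC sp_addrole 'OrderEntryUsers'
GRANT EXECUTE ON dbo.usp_SetOrderStatus TO OrderEntryUsers
GO

-- Option B (application role): rights attach to the role, not to users.
-- The password is a placeholder and has to live somewhere in the client.
EXEC sp_addapprole 'OrderEntryApp', '<app-role-password>'
GRANT SELECT  ON dbo.Orders             TO OrderEntryApp
GRANT EXECUTE ON dbo.usp_SetOrderStatus TO OrderEntryApp
GO

-- The VB client runs this once on its ADO connection after logging in:
-- EXEC sp_setapprole 'OrderEntryApp', '<app-role-password>'

-- Check: list who holds which permission on the table and the procedure.
EXEC sp_helprotect 'Orders'
EXEC sp_helprotect 'usp_SetOrderStatus'
```

With either option in place, a user who links dbo.Orders through ODBC connects without the rights needed to insert, update or delete rows; the sp_helprotect output should show no table permission for public or for individual users.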

 
 
 
