how to keep users out of isql/w? 
Author Message
 how to keep users out of isql/w?
In version 6.5 of MSSQL how do I keep users from logging into the
database using client utilities such as ISQL/w and Enterprise Manager?
I want them to be able to get in via APIs written for them but I don't
want them to be able to access the database directly using the client
utility tools.  Anybody know of a way to do this?

*** Sent via Developersdex http://www.***.com/ ***
Don't just participate in USENET...get rewarded for it!



Fri, 20 Aug 2004 07:12:05 GMT
 how to keep users out of isql/w?

Quote:

> In version 6.5 of MSSQL how do I keep users from logging into the
> database using client utilities such as ISQL/w and Enterprise Manager?
> I want them to be able to get in via APIs written for them but I don't
> want them to be able to access the database directly using the client
> utility tools.  Anybody know of a way to do this?

If these API:s access the database through stored procedures, you can
revoke direct permissions to tables. They could still log in with
ISQL/w to run the procedures directly, though.

A really foolproof way would to go for a three-tier solution, but
that appears to be a huge overkill.

--
Erland Sommarskog, SQL Server MVP

Books Online (updated!) for SQL 2000 at
http://www.microsoft.com/sql/techinfo/productdoc/2000/books.asp



Sat, 21 Aug 2004 07:29:37 GMT
 how to keep users out of isql/w?

  > > In version 6.5 of MSSQL how do I keep users from logging into the
  > > database using client utilities such as ISQL/w and Enterprise Manager?
  > > I want them to be able to get in via APIs written for them but I don't
  > > want them to be able to access the database directly using the client
  > > utility tools. Anybody know of a way to do this?
  > If these API:s access the database through stored procedures, you can
  > revoke direct permissions to tables. They could still log in with ISQL/w
  > to run the procedures directly, though.
  > A really foolproof way would to go for a three-tier solution, but that
  > appears to be a huge overkill.
  > --

  > (updated!) for SQL 2000 at http://www.microsoft.com/sql/techinfo/produc-
  > tdoc/2000/books.asphttp://www.microsoft.com/sql/techinfo/productdoc/200-
  > 0/books.asp

This is how we do it. We give network permissions (sharing) to the
specific users. Alter the folder permission where isqlw is kept. Give
access to those users who you want to access the Query Analyzer.

Roshmi

--
Roshmi Choudhury

Posted via dBforums
http://dbforums.com



Sun, 22 Aug 2004 20:14:35 GMT
 how to keep users out of isql/w?
We have an application that does something similar to what
you're after.  The customers have an ID and password for
the application.  When the customer starts the app, they
enter their ID and password.  The app logs into the server,
using a "common" server login (the customer doesn't know
the login or password, but it doesn't matter if they do,
because it has very limited permission), and checks a
table to verify that the login/password they keyed was
valid; and obtains (from the table) their SQL Server
login and password. It disconnects, then re-connects with the customer's
server login and password.  The customers never know
what their SQL Server login/password really are (so they
can't use them with isql or any other ad-hoc tool).
Quote:

> In version 6.5 of MSSQL how do I keep users from logging into the
> database using client utilities such as ISQL/w and Enterprise Manager?
> I want them to be able to get in via APIs written for them but I don't
> want them to be able to access the database directly using the client
> utility tools.  Anybody know of a way to do this?

> *** Sent via Developersdex http://www.developersdex.com ***
> Don't just participate in USENET...get rewarded for it!



Mon, 23 Aug 2004 01:29:52 GMT
 how to keep users out of isql/w?

Quote:

> We have an application that does something similar to what
> you're after.  The customers have an ID and password for
> the application.  When the customer starts the app, they
> enter their ID and password.  The app logs into the server,
> using a "common" server login (the customer doesn't know
> the login or password, but it doesn't matter if they do,
> because it has very limited permission), and checks a
> table to verify that the login/password they keyed was
> valid; and obtains (from the table) their SQL Server
> login and password.

Doesn't matter? If they know it they can run the procedure to get
the real username and password...

--
Erland Sommarskog, SQL Server MVP

Books Online (updated!) for SQL 2000 at
http://www.microsoft.com/sql/techinfo/productdoc/2000/books.asp



Mon, 23 Aug 2004 06:18:23 GMT
 how to keep users out of isql/w?


Quote:


>   > > In version 6.5 of MSSQL how do I keep users from logging into the
>   > > database using client utilities such as ISQL/w and Enterprise Manager?
>   > > I want them to be able to get in via APIs written for them but I don't
>   > > want them to be able to access the database directly using the client
>   > > utility tools. Anybody know of a way to do this?
>   > If these API:s access the database through stored procedures, you can
>   > revoke direct permissions to tables. They could still log in with ISQL/w
>   > to run the procedures directly, though.
>   > A really foolproof way would to go for a three-tier solution, but that
>   > appears to be a huge overkill.
>   > --

>   > (updated!) for SQL 2000 at http://www.microsoft.com/sql/techinfo/produc-
>   > tdoc/2000/books.asphttp://www.microsoft.com/sql/techinfo/productdoc/200-
>   > 0/books.asp

> This is how we do it. We give network permissions (sharing) to the
> specific users. Alter the folder permission where isqlw is kept. Give
> access to those users who you want to access the Query Analyzer.

And what if they install some kind of client on their local machine?  
That's not a very secure solution.


Mon, 23 Aug 2004 23:31:29 GMT
 
 [ 6 post ] 

 Relevant Pages 

1. how to keep users out of isql/w?

2. keeping users from seeing DTS packages

3. How to keep user account when import/export in SQL Server 7

4. users have to keep logging on

5. keeping users off the server

6. Keep Track of user logins

7. Looking for a way to keep user from deleting a record

8. How? Keep user on the form

9. Keep Track of Excluded Users for each record

10. keeping odbc-users out?

11. Keeping users in the script


 
Powered by phpBB® Forum Software