1

I have a database which users should not be able to alter data in unless they use the specific app. I know best practice is to use Windows authentication; however, that would mean that users could then connect to the database using any other data-enabled app and change values, which would then not be audited.

Unfortunately SQL 2008 with its inbuilt auditing is not available.

Any ideas how to ensure that users cannot change anything unless it's through the controlling app?

1 Answer

1
  • Use whatever means for users to log in. Windows authentication encouraged.

  • Make sure the user has no rights to change any data ;)

  • The application then, on the existing connection, post-authorizes using application roles.

More info on that is on http://msdn.microsoft.com/en-us/library/bb669062.aspx

Basically the application can get a separate set of rights by using an application password (that sadly has to be coded into the application - use sensible means to protect it), replacing the limited rights the user has with more rights for itself.

I would ask you to consider using an application server, but if you have a classical client/server architecture that is as good as it gets.

2 Comments

It's a Windows Forms application, not ASP.NET, and I'm not 100% au fait with WCF yet; secondly, timescales are a bit tight and don't lend themselves to implementing extra layers of complexity.
Fully understandable. In that case, this is pretty much the best thing you can make.
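
The application-role setup described in the answer, written out as an added T-SQL example (not code from the answer or from the linked MSDN page). It assumes SQL Server 2005 or later; the database `AuditedDb`, table `dbo.Orders`, Windows group `CONTOSO\AppUsers`, role `OrdersApp` and the password are placeholders.

```sql
-- Constructed example: every object name and the password below are placeholders.
USE AuditedDb;
GO

-- 1. Users log in with Windows authentication but get read-only rights.
CREATE LOGIN [CONTOSO\AppUsers] FROM WINDOWS;
CREATE USER  [CONTOSO\AppUsers] FOR LOGIN [CONTOSO\AppUsers];
GRANT SELECT ON dbo.Orders TO [CONTOSO\AppUsers];
-- No INSERT/UPDATE/DELETE is granted here, so Excel, Access or SSMS
-- connecting with the user's own identity cannot change data.

-- 2. Check that no fixed role quietly gives users write access.
SELECT r.name AS role_name, m.name AS member_name
FROM sys.database_role_members AS drm
JOIN sys.database_principals AS r ON r.principal_id = drm.role_principal_id
JOIN sys.database_principals AS m ON m.principal_id = drm.member_principal_id
WHERE r.name IN ('db_owner', 'db_datawriter');

-- 3. The application role holds the write permissions.
CREATE APPLICATION ROLE OrdersApp WITH PASSWORD = '<app-role-password>';
GRANT SELECT, INSERT, UPDATE, DELETE ON dbo.Orders TO OrdersApp;
GO

-- 4. What the application sends on its connection after opening it.
--    The cookie allows the original user context to be restored later.
DECLARE @cookie varbinary(8000);
EXEC sys.sp_setapprole
     @rolename      = 'OrdersApp',
     @password      = '<app-role-password>',
     @fCreateCookie = true,
     @cookie        = @cookie OUTPUT;

-- The connection now runs as the application role, not as the user.
SELECT USER_NAME() AS current_principal;

UPDATE dbo.Orders SET Status = 'Shipped' WHERE OrderId = 42;

-- 5. Revert before the connection is closed or returned to a pool;
--    a pooled connection left in the application role cannot be reset.
EXEC sys.sp_unsetapprole @cookie;
SELECT USER_NAME() AS current_principal;
```

Because the client sends the role password, it should travel over an encrypted connection, and anyone who extracts it from the application binary can activate the role from another tool, which is the limitation the answer points out.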