Results 1 to 6 of 6
  1. #1
    Join Date
    Jul 2003
    Location
    Australia
    Posts
    217

    Unanswered: Security Gurus - Questions for you

    I want to create an MS Access front-end for my SQL database.
    I want to create user accounts with passwords for each user.
    Should I change SQL Server to "MIXED authentication mode" (SQL Server authentication and Windows authentication) ?

    ********************************************
    *** Thank you very much in advanced, security gurus ***
    ********************************************

  2. #2
    Join Date
    Dec 2002
    Posts
    1,245
    Quote Originally Posted by Lepanto
    I want to create an MS Access front-end for my SQL database.
    I want to create user accounts with passwords for each user.
    Should I change SQL Server to "MIXED authentication mode" (SQL Server authentication and Windows authentication) ?
    I am NOT a security guru (heck, after 8 years of doing this, I'm barely a SQL guru), but...

    From the scenario that you lay out, there is no requirement to use mixed authentication mode (assuming that the client workstations and the database server are all connected to a domain).

    Using either an ADP, or linked tables (via ODBC), you can establish connectivity using trusted authentication. In your place, I would create a security group on the Domain and then add users to this group to whom you wish to grant access. Add this group to the SQL Server logins and grant the group access to the appropriate database/objects. You would be able to retrieve the user's account name from the built-in function suser_sname().

    Unless I'm missing something fundamental, it should be pretty straightforward.

    Regards,

    hmscott
    Have you hugged your backup today?

  3. #3
    Join Date
    Jul 2003
    Location
    Australia
    Posts
    217

    Reply

    hmscott,

    Thank you for your reply.

    (1) You said I can use "Windows auth. mode". So you mean I create the logins in Windows with passwords ?

    (2) You mentioned "...assuming that the client workstations and the database server are all connected to a domain". Could you tell me how can all workstations be connected to a domain ? Doesn't a domain belong to only ONE computer ??

    Note: I shall be working with an ADP.

    Thank you again.

  4. #4
    Join Date
    Aug 2004
    Location
    Pune,India
    Posts
    94
    dear friend, here SCOTT is talking of a network Domain and not an App Domain.
    In GOD we believe. Everything else we Test!

  5. #5
    Join Date
    Jun 2003
    Location
    Ohio
    Posts
    12,592
    Provided Answers: 1
    Microsoft considers integrated security to be more secure than using sql server logins and passwords.
    Your users should already have network logins and passwords in order to access the network, so you should not need to create any for them.
    If it's not practically useful, then it's practically useless.

    blindman
    www.chess.com: "sqlblindman"
    www.LobsterShot.blogspot.com

  6. #6
    Join Date
    Dec 2002
    Posts
    1,245
    Quote Originally Posted by Lepanto
    (1) You said I can use "Windows auth. mode". So you mean I create the logins in Windows with passwords ?
    The users should have an Active Directory domain account. It is possible to create local accounts (using pass-through authentication, must be created on client and server with same name and password). But I would strongly advise against this. Domain accounts are definitely the way to go here.
    Quote Originally Posted by Lepanto
    (2) You mentioned "...assuming that the client workstations and the database server are all connected to a domain". Could you tell me how can all workstations be connected to a domain ? Doesn't a domain belong to only ONE computer ??
    This is basic AD architecture. If you have questions on setting up AD and joining servers and workstations to an AD infrastructure, you need to speak with your sysadmin.

    Quote Originally Posted by Lepanto
    Note: I shall be working with an ADP.
    Cool. I like ADP, though I don't get to work with it very often.

    Regards,

    hmscott

    Thank you again.[/QUOTE]
    Have you hugged your backup today?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •