Hi. If a user has access to a sql database in a vendor application, is there any way to prevent themm from accessing the database with query analyzer or other tool? since the new sql server express management tool can be downloaded for free 'm afraid that someone could directly hit the database and bypass the vendor app.
Not by simply setting an option in SQL Server. Once someone has a valid user/pw combination, the database is accessible, regardless of the application used to get connected.
You could try to run a script every some minutes that kills every user in db <YourDB> that is not connected with apllication <YourApp> ... but that's not very nice and might be a lot of overhead when a lot of users get connected to the SQL Server ... and still it is not a proactive sollution but a corrective measure and so it will not give you any guarantee ...
> SELECT * FROM users WHERE clue > 0;
Empty set (0.00 sec)