Results 1 to 2 of 2
  1. #1
    Join Date
    Oct 2009
    Posts
    12

    Unanswered: MS SQL Server 2008 Express - Security Tutorial

    Hi All...
    As a new user of MS SQL Server 2008 Express, i'm looking for a good tutorial on security settings/permissions for MS SQL and classic ASP web application.
    Having struggled to get my web app working using various DB connection strings, i have now got the site running.

    I've created a new login in MS SQL using SQL Server Authentication.
    My DB connection string contains the server name (local), database name, UID and PWD.
    In MS SQL Server Management i have checked 'Grant' for every option available, i.e. Administrator Bulk Operations right through to 'View Server State'. The web application can now connect to the database but i'm pretty sure i have given too much 'permissions'.

    I'm now looking to back off any permissions that are not required for the web application and would really appreciate if someone could point me in the right direction to a quality (laymans;-) tutorial.

    Thanks in advance
    Andy

  2. #2
    Join Date
    Jan 2007
    Location
    UK
    Posts
    11,434
    Provided Answers: 10
    The best model we have in one of our web apps is that we grant our web login access only to stored procedures in a given schema (in our example, it has access to dbo).

    Do not give it any server roles.
    George
    Home | Blog

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •