SQL Server安全性:防止授权的Active Directory用户读取数据
[英]SQL Server Security: prevent authorized Active Directory users from reading data
问题描述
I have a Web intranet application that uses integrated AD authentication. 
我有一个使用集成AD身份验证的Web Intranet应用程序。 This app is connected to a SQL database which is accessed via the user token. 该应用程序已连接到通过用户令牌访问的SQL数据库。 The problem is that any user that has authorization to access the app, can also query the server directly, bypassing the app. 问题在于,任何有权访问该应用程序的用户都可以绕过该应用程序直接查询服务器。 The only way I can think of securing this server is by using a firewall that would block all hosts other than the app. 我能想到的确保此服务器安全的唯一方法是使用防火墙,该防火墙会阻止该应用程序以外的所有主机。 Can anyone recommend a technique that would only let the app connect/authenticate to the DB, without using a FW? 谁能推荐一种仅允许应用程序连接/认证到数据库而无需使用固件的技术?
2 个解决方案
解决方案1
1 2013-06-03 19:16:06
See the first answer in this StackOverflow post. 请参阅此StackOverflow帖子中的第一个答案。 As the author says there isn't any total solution, you'll always have a compromise. 正如作者所说,没有任何完整的解决方案,您总会妥协。
In my opinion user impersonation is the way to go. 在我看来,模仿用户是必经之路。
解决方案2
1 已采纳 2013-06-04 10:49:54
If that is an option for your environment and if application and sql server are on the same machine you can try disabling all external connections to sql server. 如果这是您环境的选择,并且应用程序和sql server在同一台计算机上,则可以尝试禁用与sql server的所有外部连接。 This way, only app would be able to connect but not external users. 这样,只有应用程序可以连接,而外部用户则不能。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.