分布式访问前端上的SQL Server连接
[英]SQL Server connection on distributed Access front end
问题描述
I'm working on an application right now that requires a link to a couple of SQL Server tables. 
我现在正在开发需要链接到几个SQL Server表的应用程序。 My windows network account has permission to connect to this server, but I am not going to be the only one using this application. 我的Windows网络帐户具有连接到该服务器的权限,但我将不是唯一使用此应用程序的人。 I'm going to send it out for people to save to their PC or just put it on the company shared drive to use (I know, that's asking for problems sometimes). 我将其发送给人们以保存到他们的PC上,或仅将其放在公司共享的驱动器上使用(我知道,有时这会带来问题)。 It's inconvenient to make a windows account for users to share because they would need to log out and in to use the app, so I was wondering if the application or ODBC connection file itself can store the credentials to access the table. 为用户共享Windows帐户很不方便,因为他们需要注销并使用该应用程序,因此我想知道应用程序或ODBC连接文件本身是否可以存储访问表的凭据。
Should I configure the connection object to use something other than the windows login information (maybe a SQL server username/password), and just store the connection object in a shared location? 是否应该将连接对象配置为使用Windows登录信息以外的其他内容(可能是SQL Server用户名/密码),而仅将连接对象存储在共享位置? I don't have much experience with this and haven't tried out many different solutions and I am open to suggestions. 我对此没有太多经验,也没有尝试过许多不同的解决方案,并且愿意提出建议。
Thank you for the suggestions 感谢你的建议
2 个解决方案
解决方案1
1 2014-01-15 20:40:52
As suggested in a comment to the question, one solution would be to 正如对该问题的评论中所建议的那样,一种解决方案是
- create a User Group in Windows on the SQL Server, 在Windows上的SQL Server上创建用户组,
- create a SQL Server login for that group, 为该组创建一个SQL Server登录名,
- assign permissions within SQL Server to that login, 在SQL Server中为该登录名分配权限,
- and then just add or remove particular Windows Users from that group as required. 然后只需根据需要从该组中添加或删除特定的Windows用户。
That way you don't need to mess with the various SQL Server permissions for each database user, and your application can connect to the SQL Server using Windows Authentication so you don't have to mess with saved SQL Server credentials (in connection strings, or elsewhere). 这样,您无需弄乱每个数据库用户的各种SQL Server权限,并且您的应用程序可以使用Windows身份验证连接到SQL Server,因此您不必弄乱保存的SQL Server凭据(在连接字符串中,或其他地方)。
解决方案2
0 2013-11-12 20:00:31
You certainly can specify the username & password in the connection string -- ConnectionStrings.Com is highly recommended if you are having trouble with connection strings -- their first example for Sql Server is 您当然可以在连接字符串中指定用户名和密码-如果您在使用连接字符串时遇到问题,强烈建议使用ConnectionStrings.Com,它们的第一个Sql Server示例是
Server=myServerAddress;Database=myDataBase;User Id=myUsername;Password=myPassword;
The issue is security, if users can see this in a configuration file, they can do anything that account can do. 问题是安全性,如果用户可以在配置文件中看到此信息,则他们可以执行帐户可以执行的任何操作。 You have to handle security within you application if you do this. 如果这样做,则必须在应用程序中处理安全性。 Most apps that handle their own security have to create users and passwords in a database table (best not to store password at all, much less plaintext -- a one way hash is recommended). 大多数处理自身安全性的应用程序都必须在数据库表中创建用户和密码(最好根本不存储密码,更不用说纯文本了,建议使用一种哈希方式)。
One good strategy is the create a "login user" account with well known name and password, grant no read / write, etc. for that account at all, and grant execute access to single stored proc 一种好的策略是创建一个具有众所周知的名称和密码的“登录用户”帐户,根本不授予该帐户任何读/写等权限,并授予对单个存储过程的执行访问权限
IsLoginPermitted @ID, @PASS
When successful, IsLoginPermitted returns the ID & PASS for subsequent use (of course these are hidden from the user) and you create your new connection string based on these. 成功后,IsLoginPermitted将返回ID和PASS供以后使用(当然,这些ID和PASS对用户而言是隐藏的),然后您将基于这些ID和PASS创建新的连接字符串。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.