堆栈内存溢出
  简体   繁体   English

SQL Server 2008 R2禁用Windows身份验证登录

[英]SQL Server 2008 R2 disable login from Windows Authentication

 原文  2015-08-20 16:49:13       sql-server/ sql-server-2008/ tsql/ security/ sql-server-2008-r2

问题描述

I understand that the reason mixed mode allows login with Windows authentication is for security purposes. 我知道混合模式允许使用Windows身份验证登录的原因是出于安全目的。 My boss asked me to create a setup.exe that installs: 我的老板要求我创建一个setup.exe来安装:

  1. our medical software 我们的医疗软件
  2. SQL Server 2008 R2 SQL Server 2008 R2
  3. SQL Server Management Studio SQL Server管理Studio

The install is fully automated with limited user input. 只需有限的用户输入,安装即可完全自动化。 SQL Server and the SSMS are implemented with a config file. SQL Server和SSMS是通过配置文件实现的。 sa and serviceRXuser (strong passwords) are SQL Server authentication logins. saserviceRXuser (强密码)是SQL Server身份验证登录名。

I don't want my clients to have access to our database, because editing drug data could be potentially life threatening. 我不希望我的客户访问我们的数据库,因为编辑药物数据可能会危及生命。 And yes, we have had clients alter things in our database... causing application errors that required re-installation. 是的,我们让客户端更改了数据库中的内容……导致了需要重新安装的应用程序错误。

Is there any way to, at least, limit access to keep end-users from editing the data? 至少有什么方法可以限制访问权限,以阻止最终用户编辑数据? Preferably a T-SQL command so I can keep automation. 最好是一个T-SQL命令,这样我就可以保持自动化。 If not, is there any way to hide the database? 如果没有,是否有任何隐藏数据库的方法?

1 个解决方案

解决方案1
 0  2015-08-20 22:19:06

first of all, don't share SA password (on any strong user password) with your clients :) 首先,不要与您的客户共享SA密码(使用任何强用户密码):)

Your app is running on client machines and coonnect to SQL via ODBC? 您的应用程序正在客户端计算机上运行,​​并通过ODBC连接到SQL吗?

hmmm.... it is hard, because the users can use Your ODBC connection from ACCESS and EXCEL too. hmmm...。这很困难,因为用户也可以从ACCESS和EXCEL使用您的ODBC连接。 Can you change Your app to don't use ODBC? 您可以将您的应用程序更改为不使用ODBC吗?

If You grant ONLY exec rights on stored procedures to serviceRXuser (don't need DB_DATAREADER or any other rights), then clients can't do anything, only what You can handle in SP-s. 如果您仅将存储过程的exec权限授予serviceRXuser (不需要DB_DATAREADER或任何其他权限),则客户端将无能为力,只有您可以在SP-s中处理的事情。 You can send an encoded parameter to every SP, and decode is wrong, raise any random error SQL ;) Users can't create this encoding from excel/access ;) 您可以将编码的参数发送到每个SP,并且解码错误,并引发任何随机错误SQL;)用户无法从excel / access创建此编码;)

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 IIS7.5身份验证到Sql Server 2008 r2登录 - IIS7.5 authentication to Sql Server 2008 r2 Login SQL Server 2008 R2登录名/密码 - SQL Server 2008 R2 login/password 从Rails应用程序连接到Windows SQL Server 2008 R2 - Connect to Windows SQL Server 2008 R2 from Rails app 使用集成身份验证通过Windows 2008 64位上的Scala / JDBC访问SQL Server 2008 R2 - Access SQL Server 2008 R2 via Scala/JDBC on Windows 2008 64 bit using integrated authentication 如何在SQL Server 2008 R2中拒绝对登录用户sa和Windows模式的数据库访问 - How to deny database access to login user sa and windows mode in SQL Server 2008 R2 SQL Server 2008 R2:限制服务器登录以查看服务器上除2个数据库以外的所有数据库 - SQL Server 2008 R2 : restrict server login from seeing all but 2 databases on server 如何禁用SQL Server 2008 R2数据库复制 - How to disable SQL Server 2008 R2 Database copying 如何在SQL Server 2008 R2上禁用Filestream以启用镜像? - How to disable Filestream on SQL Server 2008 R2 to enable mirroring? SQL Server 2008 R2无法登录 - SQL Server 2008 r2 can't login 如何在SQL Server 2008 R2中更改登录详细信息? - How to change login details in SQL Server 2008 R2?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM