简体繁体 English

Windows桌面客户端/服务器应用程序的SQL Server安全配置选项

[英]SQL Server Security Configuration Options for Windows Desktop Client/Server application

原文 2009-12-17 14:16:36 2 2 .net/ sql-server/ windows/ security/ desktop-application

I am developing a windows desktop client/server application in .NET where the client application connects to SQL Server Express 2005 via the SQL native client and a connection string. 我正在开发在.NET在客户端应用程序通过SQL本机客户端和连接字符串连接到SQL Server Express 2005的Windows桌面客户端/服务器应用程序。 The client then executes SQL over the connection on the database directly (no stored procedures). 然后，客户端直接通过数据库上的连接执行SQL（无存储过程）。

How can I configure SQL Server (or windows) security in such a way that only my signed application binaries can connect to the database and nothing else from the client machines? 如何配置SQL Server（或Windows）安全性，以使只有我签名的应用程序二进制文件可以连接到数据库，而客户端计算机上没有其他内容？ (ie. not SQL Server Management Studio Express, hacked versions of my binaries or other malicious code) Would I need to embed cryptographic keys in my application? （即不是SQL Server Management Studio Express，二进制文件的被黑版本或其他恶意代码）是否需要在应用程序中嵌入加密密钥？ If so, how can these be protected from disassembly attacks? 如果是这样，如何保护它们免受拆卸攻击？

The client or server machines can be placed on a corporate domain. 客户端或服务器计算机可以放置在公司域中。 Using SQL Server full edition instead of SQL server express is also an option. 也可以选择使用SQL Server完整版而不是SQL Server Express。 I would also like to still be able to run SSMSE locally on the server machine for upgrades and support work (the server will have physical doors-and-locks security to prevent access to it). 我还希望仍然能够在服务器计算机上本地运行SSMSE以进行升级和支持工作（服务器将具有物理门锁安全性以防止对其进行访问）。

My application needs to read data from tables to calculate summary information. 我的应用程序需要从表中读取数据以计算摘要信息。 The summary information does not need to be secured but the detailed individual rows do. 摘要信息不需要保护，但详细的单独行则需要保护。 I think this requirement excludes any form of table based permissions combined with windows accounts or sql server user names and passwords. 我认为此要求不包括与Windows帐户或sql server用户名和密码结合的任何形式的基于表的权限。

2 个解决方案

You want to look in to using Application Roles in SQL Server. 您想研究在SQL Server中使用应用程序角色。 I'm not sure how available these are on express. 我不确定这些快递的可用性如何。

Here's a bit of info on Application Roles 这是有关应用程序角色的一些信息

I would use some sort of windows account or username and password combination :-) 我会使用某种Windows帐户或用户名和密码组合 :-)

Sarcasm aside, what you are talking about is just permissions. 除了讽刺，您在谈论的只是权限。 Connect your app to the SQL server using a user account you control, and don't provide the account credentials to the user. 使用您控制的用户帐户将您的应用连接到SQL Server，并且不向用户提供帐户凭据。 Problem solved. 问题解决了。 Well, almost. 好吧，差不多。

The only other way "in" is with an account like Administrator or SA that has a server role granting access to the whole SQL server, so you'd have to make certain the user does not have access to the SQL server through that path. “进入”的唯一其他方法是使用具有服务器角色的管理员或SA之类的帐户来授予对整个SQL Server的访问权限，因此您必须确保用户无法通过该路径访问SQL Server。 That's pretty simple to do -- restrict the Builtin\\Administrators group in SQL Server, for example by giving it only Public and not sysadmin, disable the SA account (if the server has mixed mode authentication), and substitute another account in your control to act as sys admin. 这样做非常简单-限制SQL Server中的Builtin \\ Administrators组，例如，仅授予其Public（公共）权限，而不授予sysadmin，禁用SA帐户（如果服务器具有混合模式身份验证），然后将控件中的另一个帐户替换为充当系统管理员。 Be careful not to lock yourself out :-). 注意不要把自己锁在外面:-)。