Sunday, March 11, 2012

[Repost] Login setting by IP range

Hello,
This is a repost. I posted this last week and haven't got a
workable solution to the problem. Given there has been no other answering post in a
week, I'd like to try asking again. Sorry for any annoyance made by this.
[Quote]
In MySQL we can set to allow a user to login and access certain
tables from a certain host. Is there anything close to that in MSSQL 2000/2005?
Actually, we just need to control certain users so they are unable to use the
domain credential to access certain databases/tables except in the company's
IP, while we need to make sure for certain databases/tables, the client can
be accessed anywhere.
If not, are there any kind of database connection proxies that we can
use to control the connections, or is there any tutorial on how to relay
database data so we can write a program to do the access check?
[/quote]
The suggestions I've got in my last post include "APPLICATION ROLE",
but since I need to control the access BOTH by login name and "IP", and also
some of the users under "access control" are developers who have source code
access to the program we use, the suggestion doesn't solve my problem.
Looking forward to a reply.
Regards,
Lau Lei Cheong

The answer is no, SQL Server cannot authorise access based on IP address.
The OS can allow only access from certain IP addresses using IPSec; you
could then allow access through a SQL login. Effectively, but not
explicitly, granting access to an IP range.
The real question is why? Security based on IP address alone is no security
at all.

The reason is that it'd been reported that some company thief has sold
part/all of our customer database to competitor companies, so our boss
decided to restrict full database access within private IP range only.
However, some users/developers do need to access other parts of the
database. So I need to set the access control on a "login name + IP" basis
(better with access logging on sensitive data).
It doesn't really matter if someone can tell me I can write an event handler
for SQL2005 that allows me to check the IP when login and set the access
dynamically.
Since I'm the only one except the boss with the sa + local admin + domain admin
password, I can be confident that if this will do, no other people will
be able to break it.
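
A login-time check of the kind asked about above can be written as a logon trigger, which SQL Server supports from 2005 SP2 onward. The following is an added example, not code from the thread; the login names, the trigger name and the 10.0.0.0/8 range are assumptions, and it refuses the whole login rather than access to individual databases or tables.

```sql
-- Added example, not from the thread. Requires SQL Server 2005 SP2 or later.
-- Hypothetical names: the two CORP\ logins, the trigger name, the 10.0.0.0/8 range.
-- Keep a Dedicated Admin Connection available while testing: a faulty logon
-- trigger blocks every login it applies to.
CREATE TRIGGER trg_restrict_login_by_ip
ON ALL SERVER
FOR LOGON
AS
BEGIN
    -- Only the logins listed here are restricted; everyone else passes through.
    IF ORIGINAL_LOGIN() NOT IN (N'CORP\sensitive_user', N'CORP\dba_reports')
        RETURN;

    DECLARE @host nvarchar(48);
    SET @host = EVENTDATA().value('(/EVENT_INSTANCE/ClientHost)[1]', 'nvarchar(48)');

    -- Connections made on the server itself report '<local machine>'.
    IF @host = N'<local machine>'
        RETURN;

    -- PARSENAME splits a dotted IPv4 address; it returns NULL for anything
    -- that does not have four parts (for example IPv6), which is denied below.
    DECLARE @ip bigint;
    SET @ip = CAST(PARSENAME(@host, 4) AS bigint) * 16777216
            + CAST(PARSENAME(@host, 3) AS bigint) * 65536
            + CAST(PARSENAME(@host, 2) AS bigint) * 256
            + CAST(PARSENAME(@host, 1) AS bigint);

    -- 10.0.0.0 = 167772160, 10.255.255.255 = 184549375
    IF @ip IS NULL OR @ip NOT BETWEEN 167772160 AND 184549375
    BEGIN
        -- PRINT output in a logon trigger goes to the SQL Server error log,
        -- which gives a record of refused attempts.
        PRINT 'Logon denied for ' + ORIGINAL_LOGIN() + ' from ' + @host;
        ROLLBACK;  -- rolling back the implicit transaction refuses the login
    END
END;
```

The address checked is the one the server sees, so clients behind NAT or a VPN gateway appear with that device's address.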
