
Application Security based on SQL Security

 
Pure Heart




(Msg. 1) Posted: Thu Jul 03, 2008 2:10 am
Post subject: Application Security based on SQL Security
Archived from groups: microsoft>public>sqlserver>security

Hi

I was wondering: instead of implementing my own security schema inside my
application code, is it recommended to depend on SQL Security, so a user will
connect with user name and password, and if he doesn't have a permission on SQL
to delete or update he will get a message? I feel it's more simple. What do you
think?

thank you
--
Ammar S. Mitoori
IT Head QIMCO Co.
Tel : +9744831199
Mobile : +9745378400
Fax : +9744831643

Uri Dimant




(Msg. 2) Posted: Thu Jul 03, 2008 12:23 pm
Post subject: Re: Application Security based on SQL Security

Pure,
http://vyaskn.tripod.com/sql_server_security_best_practices.htm (security best practices)









Pure Heart




(Msg. 3) Posted: Thu Jul 03, 2008 12:23 pm
Post subject: Re: Application Security based on SQL Security

Hi,

Thanks for the reply, but it's away from my question. I was asking about
security implemented in a .NET application.
--
Ammar S. Mitoori
IT Head QIMCO Co.
Tel : +9744831199
Mobile : +9745378400
Fax : +9744831643


Uri Dimant




(Msg. 4) Posted: Thu Jul 03, 2008 12:49 pm
Post subject: Re: Application Security based on SQL Security

Well, then you will have to build logic in the second tier of the application
(where you keep the pass) to check it against SQL Server and return the
message.
This example determines whether the current user can grant the INSERT
permission on the authors table to another user.

-- Bit 0x80000 of the PERMISSIONS bitmap is set when INSERT is grantable
IF PERMISSIONS(OBJECT_ID('authors')) & 0x80000 = 0x80000
    PRINT 'INSERT on authors is grantable.'
ELSE
    PRINT 'You may not GRANT INSERT permissions on authors.'



Pure Heart




(Msg. 5) Posted: Thu Jul 03, 2008 12:49 pm
Post subject: Re: Application Security based on SQL Security

Hi,

Thanks for the reply, but I have another idea: instead of checking for
permission, why don't I let him connect and try to update, then he will get an
error message from SQL Server directly without making my code more complex?
--
Ammar S. Mitoori
IT Head QIMCO Co.
Tel : +9744831199
Mobile : +9745378400
Fax : +9744831643


Uri Dimant




(Msg. 6) Posted: Thu Jul 03, 2008 1:37 pm
Post subject: Re: Application Security based on SQL Security

Pure,
Sometimes SQL Server throws messages that are not elegant for the
end users to understand :)))



Pure Heart




(Msg. 7) Posted: Thu Jul 03, 2008 1:37 pm
Post subject: Re: Application Security based on SQL Security

Yes, I'm aware of that, but if I check the error type and re-form the message
and show a customised message, it would be fine with less complexity in coding
:)))
--
Ammar S. Mitoori
IT Head QIMCO Co.
Tel : +9744831199
Mobile : +9745378400
Fax : +9744831643


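Added example (not part of the original thread, and not any poster's code): the two approaches discussed above, the up-front permission check from Msg. 4 and the attempt-and-handle-the-error idea from Msgs. 5 and 7, side by side in T-SQL. The table dbo.authors_demo and the user demo_reader are constructed for the demo, and HAS_PERMS_BY_NAME is used here in place of the older PERMISSIONS function.

```sql
-- Constructed demo objects; run in a scratch database (SQL Server 2005 or later).
CREATE TABLE dbo.authors_demo (au_id int PRIMARY KEY, au_lname varchar(40) NOT NULL);
INSERT INTO dbo.authors_demo (au_id, au_lname) VALUES (1, 'White');
CREATE USER demo_reader WITHOUT LOGIN;             -- hypothetical low-privilege user
GRANT SELECT ON dbo.authors_demo TO demo_reader;   -- read-only: no UPDATE or DELETE
GO

EXECUTE AS USER = 'demo_reader';                   -- act as the restricted user

-- Approach 1 (Msg. 4): ask the server up front, e.g. to disable an Edit button.
SELECT HAS_PERMS_BY_NAME('dbo.authors_demo', 'OBJECT', 'SELECT') AS can_select,
       HAS_PERMS_BY_NAME('dbo.authors_demo', 'OBJECT', 'UPDATE') AS can_update;

-- Approach 2 (Msgs. 5 and 7): attempt the write and translate the denial.
BEGIN TRY
    UPDATE dbo.authors_demo SET au_lname = 'Green' WHERE au_id = 1;
    SELECT 'Saved.' AS user_message;
END TRY
BEGIN CATCH
    IF ERROR_NUMBER() = 229        -- "permission was denied on the object"
        -- Show a fixed text; the raw server message names schema objects.
        SELECT 'You are not allowed to change author records.' AS user_message;
    ELSE
    BEGIN
        -- Anything else is not an authorization failure: re-raise its text.
        DECLARE @msg nvarchar(2048);
        SET @msg = ERROR_MESSAGE();
        RAISERROR('%s', 16, 1, @msg);
    END
END CATCH;

REVERT;                                            -- back to the original context
GO

-- The pre-check is only a UI hint; enforcement happened on the server.
SELECT au_lname FROM dbo.authors_demo WHERE au_id = 1;

-- Clean up the constructed objects.
DROP USER demo_reader;
DROP TABLE dbo.authors_demo;
```

In an ADO.NET client the same denial arrives as a SqlException whose Number property is 229, so the mapping done in the CATCH block can live in the application's exception handler instead.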
Pure Heart




(Msg. 8) Posted: Fri Jul 04, 2008 4:25 am
Post subject: Re: Application Security based on SQL Security

So I wanted to know: is that familiar?
--
Ammar S. Mitoori
IT Head QIMCO Co.
Tel : +9744831199
Mobile : +9745378400
Fax : +9744831643

