Re: Query Analyzer Connect Option
From: Mary Chipman (mchip_at_nomail.please)
Date: 02/29/04
- Next message: Christian Kleinerman [MS]: "Re: Best Practices Analyzer - Feedback"
- Next in thread: Erland Sommarskog: "Re: Query Analyzer Connect Option"
- Maybe reply: Erland Sommarskog: "Re: Query Analyzer Connect Option"
- Messages sorted by: [ date ] [ thread ]
Date: Sun, 29 Feb 2004 16:43:46 -0500
Application-level security usually ends up being a waste of time
because any moderately clever individual (such as one who knows enough
to create their own queries) can easily circumvent it. The only way
around your problem is to restrict permissions on the server and force
people to use logins without full administrative permissions. Then you
don't have to lose sleep worrying about which tools they might use
that will circumvent your application-level security.
-- Mary
MCW Technologies
http://www.mcwtech.com
On Sun, 29 Feb 2004 07:39:26 -0800, David Greer <dgreer@nextcorp.com>
wrote:
>The situation is that I have several users on an application that
>controls their access to the DB. The user ID has full rights to the DB
>but the application stops them from making changes to data. Now I have
>a user that needs to be able to create and run SELECT statements in a
>“Query Analyser” type of environment. I can publish a Query Analyser
>session with locked credentials using Citrix, but I don’t want him to be
>able to use the File => Connect option to reconnect with one of the
>application Ids thus giving him full rights in an open environment.
>Any ideas?
>Thanks
>
>
>
>
>*** Sent via Developersdex http://www.developersdex.com ***
>Don't just participate in USENET...get rewarded for it!
- Next message: Christian Kleinerman [MS]: "Re: Best Practices Analyzer - Feedback"
- Next in thread: Erland Sommarskog: "Re: Query Analyzer Connect Option"
- Maybe reply: Erland Sommarskog: "Re: Query Analyzer Connect Option"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
