Monday, March 26, 2012

How can i protect sqlserver 2000 by password

can any body tell me how can i protec my sqlserver 2000 by a
password so that no other person can open sqlserver 2000You should change passwords to all default User Ids.
To check which once you have, go to Users in Enterprise Manager.

Don't have anyone with NT authentication.

If you need users to be able to access through some front end application but still be prevented from getting directly to the server let me know.

I will provide some more sophisticated approach and preferably in private.

Thank you.|||i just want that no body can open my sqlserver 2000 directly to see
which database i am using and its tables/views etc

but any body can connect it by using programe which i made in
visual basic|||You have to hash passwords for each person before connecting to the server so they wouldn't really know the password that they use.
For the first time they login to your application you have to check if hashed password doesn't work you use sp_password command to change it to hashed password and in the future only hashed version will be used.
Also I provide functionality through my program where they can change their password. What I do, after they change a password I hash it first and then change it. So when they login next time they will again use hashed version and never know actual password to the server.
In this model you can not give NT authentication rights only password protected. Also you can check if the person who is logging in into your computer is the same as NT Login into this computer to provide your own authentication. This measure is made when you don't want people using somebody else's computers to login into your program.

Also all users of your application should be members of some group in my case I created enduser group. This way if you want to grant rights to something in a database that all users have access to from application like a view or stored procedure I just grant rights to that group and everyone has it instantly.
As I said if you wan to go with security model I created I can provide code samples in private.

Thank you.
Good Luck.sql

Posted by phasexcvr at 4:06 AM
Labels: , , , , , , , , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)