| Author |
Topic |
|
Sarat
Constraint Violating Yak Guru
265 Posts |
Posted - 2003-06-17 : 12:40:31
|
| Hi,

Most of the security of our SQL Server 2K db is taken care of by PSoft application security. Only the developers & testers who log in to QA is where I am careful. We are making our entire PSoft app available via internet pretty soon and we want to make sure we have multiple layers of security.

The problem is that I don't think I can do anything at the db end (I want to confirm this) since PSoft connects to the db in a different way.

User -> Web Server -> Application Server -> DB (SQL Server).

PS authenticates users accessing the db at the Application Server Level and this Application Server then establishes a persistent connection to DB server as 'sa' (access id - PS recommends that). So if you look at the Current Activity, you will never know who is logged in except for if they are logged into Query Analyzer!

Now if someone hacks into the system by somehow getting a PeopleSoft user id & password, is there anything I can do at the database level? I can understand we can use HTTPS to encrypt data travelling over internet or other stuff but it won't be at DB level, will it?

What are your thoughts?

Thanks,
Sarat.

**To be intoxicated is to feel sophisticated, but not be able to say it.** |
|
|
tkizer
Almighty SQL Goddess
38200 Posts |
Posted - 2003-06-17 : 13:10:40
|
| There are lots of things that need to be done outside of the application to secure SQL Server.

http://vyaskn.tripod.com/sql_server_security_best_practices.htm

Tara |