LastTribunal

Reputation: 1

SQL Server Security: prevent authorized Active Directory users from reading data

I have a Web intranet application that uses integrated AD authentication. This app is connected to a SQL database which is accessed via the user token. The problem is that any user who has authorization to access the app can also query the server directly, bypassing the app. The only way I can think of securing this server is by using a firewall that would block all hosts other than the app. Can anyone recommend a technique that would only let the app connect/authenticate to the DB, without using a FW?

Upvotes: 0

Views: 339

Answers (2)

LarryB

Reputation: 596

If that is an option for your environment, and if the application and SQL Server are on the same machine, you can try disabling all external connections to SQL Server. This way, only the app would be able to connect, but not external users.

Upvotes: 1
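
A check for the approach in the answer above, as an added example that is not part of the original answer: once external connections have been disabled, this query lists the current user connections and labels any that did not originate on the SQL Server host. It assumes the caller has `VIEW SERVER STATE` permission; the `origin` column is a label constructed for this example.

```sql
-- Added example: audit where current user connections come from.
-- Expectation after disabling external connections: no row with origin = 'remote'.
SELECT
    c.session_id,
    s.login_name,
    s.host_name,            -- supplied by the client, informational only
    s.program_name,         -- supplied by the client, informational only
    c.net_transport,        -- e.g. 'Shared memory', 'Named pipe', 'TCP'
    c.client_net_address,
    c.auth_scheme,          -- e.g. NTLM, KERBEROS, SQL
    CASE
        WHEN c.net_transport = 'Shared memory' THEN 'local'
        WHEN c.client_net_address IN ('<local machine>', '127.0.0.1', '::1') THEN 'local'
        -- TCP connection made from the server's own address
        WHEN c.client_net_address = c.local_net_address THEN 'local'
        ELSE 'remote'
    END AS origin
FROM sys.dm_exec_connections AS c
JOIN sys.dm_exec_sessions AS s
    ON s.session_id = c.session_id
WHERE s.is_user_process = 1
ORDER BY origin DESC, s.login_name;
```

Do not base an access decision on `host_name` or `program_name`: both are set by the connecting client.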

DrNoone

Reputation: 261

See the first answer in this StackOverflow post. As the author says, there isn't any total solution; you'll always have a compromise.

In my opinion, user impersonation is the way to go.

Upvotes: 1
