ODBC connections

I have been asked to develop some security software that includes detection
of what ODBC connections to SQL Server databases exist. I think that it is
not useful, at least for security purposes, to determine what ODBC
connections exist for a database. Am I wrong?
One reason it is not useful is that a connection can be created dynamicly
anytime. I know that, since I do it. The person asking for this project is
not familiar with such things but I have already explained this much to him.
I don't know about SQL Server security enough to be sure, but it is my
understanding that it has it's own security that is much more effective than
attempts to prevent access by limiting ODBC connections.
I am not asking what other solutions exist; if I am correct in what I say
here, then I will pursue the other solutions myself and when necessary in
another thread.>I have been asked to develop some security software that includes detection
>of what ODBC connections to SQL Server databases exist. I think that it is
>not useful, at least for security purposes, to determine what ODBC
>connections exist for a database. Am I wrong?
You are correct. The person requesting this may not be familiar with SQL
Server data access architecture and now it relates to security. ODBC is
just one data access API of many. There are also others, such as OLE DB,
SQL Native Client. It does not makes sense to me that one would care, at
least from a security perspective, which API is used to connect to SQL
Server. All APIs can access SQL Server without a pre-configured DSN.

> I don't know about SQL Server security enough to be sure, but it is my
> understanding that it has it's own security that is much more effective
> than attempts to prevent access by limiting ODBC connections.
Absolutely. SQL Server security is the primary place security needs to be
implemented. Logins, database users and object permissions all provide
various levels of security. Given a login with appropriate permissions, one
could write a simple VBScript using Notepad to access and manipulate
database data.
Hope this helps.
Dan Guzman
SQL Server MVP
"Sam Hobbs" <samuel@.social.rr.com_change_social_to_socal> wrote in message
news:%23GT8ACP%23FHA.3340@.TK2MSFTNGP12.phx.gbl...
>I have been asked to develop some security software that includes detection
>of what ODBC connections to SQL Server databases exist. I think that it is
>not useful, at least for security purposes, to determine what ODBC
>connections exist for a database. Am I wrong?
> One reason it is not useful is that a connection can be created dynamicly
> anytime. I know that, since I do it. The person asking for this project is
> not familiar with such things but I have already explained this much to
> him.
> I don't know about SQL Server security enough to be sure, but it is my
> understanding that it has it's own security that is much more effective
> than attempts to prevent access by limiting ODBC connections.
> I am not asking what other solutions exist; if I am correct in what I say
> here, then I will pursue the other solutions myself and when necessary in
> another thread.
>|||Yes, Dan, that definitely helps; thank you.