I have been asked to develop some security software that includes detection
of what ODBC connections to SQL Server databases exist. I think that it is
not useful, at least for security purposes, to determine what ODBC
connections exist for a database. Am I wrong?
One reason it is not useful is that a connection can be created dynamicly
anytime. I know that, since I do it. The person asking for this project is
not familiar with such things but I have already explained this much to him.
I don't know about SQL Server security enough to be sure, but it is my
understanding that it has it's own security that is much more effective than
attempts to prevent access by limiting ODBC connections.
I am not asking what other solutions exist; if I am correct in what I say
here, then I will pursue the other solutions myself and when necessary in
another thread.>I have been asked to develop some security software that includes detection
>of what ODBC connections to SQL Server databases exist. I think that it is
>not useful, at least for security purposes, to determine what ODBC
>connections exist for a database. Am I wrong?
You are correct. The person requesting this may not be familiar with SQL
Server data access architecture and now it relates to security. ODBC is
just one data access API of many. There are also others, such as OLE DB,
SQL Native Client. It does not makes sense to me that one would care, at
least from a security perspective, which API is used to connect to SQL
Server. All APIs can access SQL Server without a pre-configured DSN.
> I don't know about SQL Server security enough to be sure, but it is my
> understanding that it has it's own security that is much more effective
> than attempts to prevent access by limiting ODBC connections.
Absolutely. SQL Server security is the primary place security needs to be
implemented. Logins, database users and object permissions all provide
various levels of security. Given a login with appropriate permissions, one
could write a simple VBScript using Notepad to access and manipulate
database data.
Hope this helps.
Dan Guzman
SQL Server MVP
"Sam Hobbs" <samuel@.social.rr.com_change_social_to_socal> wrote in message
news:%23GT8ACP%23FHA.3340@.TK2MSFTNGP12.phx.gbl...
>I have been asked to develop some security software that includes detection
>of what ODBC connections to SQL Server databases exist. I think that it is
>not useful, at least for security purposes, to determine what ODBC
>connections exist for a database. Am I wrong?
> One reason it is not useful is that a connection can be created dynamicly
> anytime. I know that, since I do it. The person asking for this project is
> not familiar with such things but I have already explained this much to
> him.
> I don't know about SQL Server security enough to be sure, but it is my
> understanding that it has it's own security that is much more effective
> than attempts to prevent access by limiting ODBC connections.
> I am not asking what other solutions exist; if I am correct in what I say
> here, then I will pursue the other solutions myself and when necessary in
> another thread.
>|||Yes, Dan, that definitely helps; thank you.
Showing posts with label includes. Show all posts
Showing posts with label includes. Show all posts
Monday, March 26, 2012
Wednesday, March 7, 2012
Obtaining RS developer edition?
We just purchased the Visual Studio .NET Special Edition, which includes the
Developer Edition of SQL Server. However, there was no CD of Reporting
Services contained in the box, and I can't find it anywhere for download.
Where can I get it?
Thanks.
Jon Pearce
jonp at the domain below
dgapartners.dropthispart.comJon Pearce wrote:
> We just purchased the Visual Studio .NET Special Edition, which includes the
> Developer Edition of SQL Server. However, there was no CD of Reporting
> Services contained in the box, and I can't find it anywhere for download.
> Where can I get it?
http://www.microsoft.com/sql/reporting/howtobuy/default.asp
U.S. and Canadian retail customers can order the CD directly via the
website. ($5 U.S.)
-BA|||UK customers can get it from a MS reseller (e.g.
http://www.greymatter.co.uk)
Note that it is more expensive to order the media kit outside of North
Amaerica - though still not a bad price (Sterling £ 27). I see no reason
for the huge discrepancy though, especially as it's just a CD, not even
boxed!
"Jon Pearce" <jpearce@.noemail.com> wrote in message
news:eTv%23guJsEHA.3048@.tk2msftngp13.phx.gbl...
> We just purchased the Visual Studio .NET Special Edition, which includes
> the
> Developer Edition of SQL Server. However, there was no CD of Reporting
> Services contained in the box, and I can't find it anywhere for download.
> Where can I get it?
> Thanks.
> Jon Pearce
> jonp at the domain below
> dgapartners.dropthispart.com
>
Developer Edition of SQL Server. However, there was no CD of Reporting
Services contained in the box, and I can't find it anywhere for download.
Where can I get it?
Thanks.
Jon Pearce
jonp at the domain below
dgapartners.dropthispart.comJon Pearce wrote:
> We just purchased the Visual Studio .NET Special Edition, which includes the
> Developer Edition of SQL Server. However, there was no CD of Reporting
> Services contained in the box, and I can't find it anywhere for download.
> Where can I get it?
http://www.microsoft.com/sql/reporting/howtobuy/default.asp
U.S. and Canadian retail customers can order the CD directly via the
website. ($5 U.S.)
-BA|||UK customers can get it from a MS reseller (e.g.
http://www.greymatter.co.uk)
Note that it is more expensive to order the media kit outside of North
Amaerica - though still not a bad price (Sterling £ 27). I see no reason
for the huge discrepancy though, especially as it's just a CD, not even
boxed!
"Jon Pearce" <jpearce@.noemail.com> wrote in message
news:eTv%23guJsEHA.3048@.tk2msftngp13.phx.gbl...
> We just purchased the Visual Studio .NET Special Edition, which includes
> the
> Developer Edition of SQL Server. However, there was no CD of Reporting
> Services contained in the box, and I can't find it anywhere for download.
> Where can I get it?
> Thanks.
> Jon Pearce
> jonp at the domain below
> dgapartners.dropthispart.com
>
Subscribe to:
Posts (Atom)