Wednesday, February 15, 2012

Execution of script at login

Is there a way to execute a script at login to do some
additional security checks after authentication?

Thanks,
James Brake

Not automatically. Why not call the script in the client code that
opens the connection?

Could you explain what additional checks you would require at
connection time? If the user isn't authorized then why would you give them
a login to the database?

--
David Portas
SQL Server MVP
--

Thanks for your reply.

If I had access to client code, I'd probably use an application role.
But, I do not.

The application gives each user read/write access to all tables
regardless of application security.

I was thinking of checking at login time whether they accessed the
database from the application or not.

James

Hi

If you write anything such as an audit record when they log in, you could use
a trigger to raiserror. It would not be a very elegant solution though!

John

"James" <jbrake@.aeci.org> wrote in message
news:1103312862.596986.208700@.z14g2000cwz.googlegroups.com...
> Thanks for your reply.
> If I had access to client code, I'd probably use an application role.
> But, I do not.
> The application gives each user read/write access to all tables
> regardless of application security.
> I was thinking of checking at login time whether they accessed the
> database from the application or not.
> James

James (jbrake@.aeci.org) writes:
> If I had access to client code, I'd probably use an application role.
> But, I do not.
> The application gives each user read/write access to all tables
> regardless of application security.
> I was thinking of checking at login time whether they accessed the
> database from the application or not.

This may be a case of just poor choice of words from your side, but permit
me to point out that the application cannot really give access to the
tables, unless it is logging in with a user that has such privileges.
But maybe you mean that the application requires the user to have
read/write access to the tables, because it is not using stored procedures?

In such case it may be a difficult task to handle. To prevent updates
you could add triggers on the tables that check app_name() and roll
back if the application is not the right one.

--
Erland Sommarskog, SQL Server MVP, esquel@.sommarskog.se

Books Online for SQL Server SP3 at
http://www.microsoft.com/sql/techin.../2000/books.asp
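
A sketch of the trigger approach described in the last reply, added here as an example and not code from the thread; the tables dbo.Orders and dbo.RejectedWrites and the application name 'OrderEntryApp' are hypothetical. The application name is whatever the client supplies when it connects, so this check is a guardrail against accidental writes from other tools and not an authentication control.

```sql
-- Hypothetical names throughout: dbo.Orders, dbo.RejectedWrites, 'OrderEntryApp'.
CREATE TABLE dbo.Orders (
    OrderID  int IDENTITY(1,1) PRIMARY KEY,
    Customer varchar(50) NOT NULL,
    Amount   money NOT NULL
);

-- Audit table for writes the trigger refuses.
CREATE TABLE dbo.RejectedWrites (
    AttemptedAt datetime      NOT NULL DEFAULT GETDATE(),
    LoginName   nvarchar(128) NOT NULL,
    HostName    nvarchar(128) NULL,
    AppName     nvarchar(128) NULL
);
GO

CREATE TRIGGER dbo.trg_Orders_CheckApp
ON dbo.Orders
FOR INSERT, UPDATE, DELETE
AS
BEGIN
    SET NOCOUNT ON;

    -- A statement that touched no rows has nothing to guard.
    IF NOT EXISTS (SELECT * FROM inserted)
       AND NOT EXISTS (SELECT * FROM deleted)
        RETURN;

    -- APP_NAME() is the name the client supplied when it connected.
    -- ISNULL covers connections that supplied none.
    IF ISNULL(APP_NAME(), '') <> 'OrderEntryApp'
    BEGIN
        RAISERROR('Changes to dbo.Orders must come from OrderEntryApp.', 16, 1);
        ROLLBACK TRANSACTION;

        -- Written after the rollback so the audit row is not undone with it.
        INSERT INTO dbo.RejectedWrites (LoginName, HostName, AppName)
        VALUES (SUSER_SNAME(), HOST_NAME(), APP_NAME());
        RETURN;
    END
END
GO

-- Triggers fire on INSERT/UPDATE/DELETE only; SELECT access is unaffected.
```

Reviewing dbo.RejectedWrites shows which logins and hosts are reaching the table outside the application.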
