SQL Server Forums
Profile | Register | Active Topics | Members | Search | Forum FAQ
 
Register Now and get your question answered!
Username:
Password:
Save Password
Forgot your Password?

 All Forums
 SQL Server 2008 Forums
 SQL Server Administration (2008)
 linked Server - security issue?
 New Topic  Reply to Topic
 Printer Friendly
Author Previous Topic Topic Next Topic  

barnabeck
Posting Yak Master

Spain
196 Posts

Posted - 11/04/2013 :  16:10:40  Show Profile  Reply with Quote
Hi,

our server environment will soon be hosted by our mother company and we are planning the migration. Looking at the way we are querying the database of the ERP they pretty much disagreed about us using "linked servers". We actually did that in order to keep the ERP data safe and the SQL user account that is tied to that linkage has only write permissions.
Nevertheless they are concerned and I need good arguments to convince them; we are running server sided web-applications that access the databases and I guess there is some panic on the possibility of SQL injection. We are right now on the Internet with our Sharepoint Intranet too, but this will be turned down leaving access only via VPN.

Are there any hints or comments on roles, permissions, schemes etc and how to grant highest security?

Regards,
Martin

tkizer
Almighty SQL Goddess

USA
37296 Posts

Posted - 11/04/2013 :  16:26:19  Show Profile  Visit tkizer's Homepage  Reply with Quote
How does using a linked server keep the data safe? I don't see a reason to use linked servers for what you have described.

Tara Kizer
SQL Server MVP since 2007
http://weblogs.sqlteam.com/tarad/
Go to Top of Page

barnabeck
Posting Yak Master

Spain
196 Posts

Posted - 11/04/2013 :  16:46:21  Show Profile  Reply with Quote
It was not really a measure to keep the data safe. That was just a way to structure and divide services, and it grew historically. So the question is: is there any difference between using the linked server, bound to a restricted account and using that same account directly to access the database?
Go to Top of Page

tkizer
Almighty SQL Goddess

USA
37296 Posts

Posted - 11/04/2013 :  16:50:26  Show Profile  Visit tkizer's Homepage  Reply with Quote
The only difference would be performance. The linked server query would generally be slower than the direct access query.

Tara Kizer
SQL Server MVP since 2007
http://weblogs.sqlteam.com/tarad/
Go to Top of Page
  Previous Topic Topic Next Topic  
 New Topic  Reply to Topic
 Printer Friendly
Jump To:
SQL Server Forums © 2000-2009 SQLTeam Publishing, LLC Go To Top Of Page
This page was generated in 0.05 seconds. Powered By: Snitz Forums 2000