Please start any new threads on our new
site at https://forums.sqlteam.com. We've got lots of great SQL Server
experts to answer whatever question you can come up with.
| Author |
Topic |
|
Eagle_f90
Constraint Violating Yak Guru
424 Posts |
 Posted - 2009-01-15 : 10:02:54
|
| I have a SQL 2005 server that I am using as the backend to my website. The web site has two main parts, the public pages which will retrieve information from the DB and display it (all that is handled by server side procs and perl scripts) and then an admin section which will create new DBs, add tables, and add/change/remove information in the tables ( again all through procs and perl scripts). The admin page is protected by a perl login script, what I am wondering is if it is too paranoid to make 3 different logins to call, one with the power to create/drop DBs and tables, one with permission to add /drop data, and then one with permission to just read that data. Should I do this or is it fine just to make one login to use for all the functions?-- If I get used to envying others...Those things about my self I pride will slowly fade away.-Stellvia |
|
|
darkdusky
Aged Yak Warrior
591 Posts |
Posted - 2009-01-15 : 10:06:58
|
| No your not too paranoid - if there are people who do not need permission to drop a table but need to update data - then only give them that. Least rights possible is always best policy. |
 |
|
|
Eagle_f90
Constraint Violating Yak Guru
424 Posts |
Posted - 2009-01-15 : 10:20:00
|
quote:
Originally posted by darkdusky
No your not too paranoid - if there are people who do not need permission to drop a table but need to update data - then only give them that. Least rights possible is always best policy.
Even though all the DB commands are issued by a perl script and the only person that would be accessing the DB directly would be me?-- If I get used to envying others...Those things about my self I pride will slowly fade away.-Stellvia |
|
|
|
mfemenel
Professor Frink
1421 Posts |
Posted - 2009-01-15 : 10:39:56
|
| The only person "that you know of" would be you. Assume the worst, split the logins out.Mike"oh, that monkey is going to pay" |
|
|
|
Eagle_f90
Constraint Violating Yak Guru
424 Posts |
Posted - 2009-01-15 : 10:42:16
|
quote:
Originally posted by mfemenel
The only person "that you know of" would be you. Assume the worst, split the logins out.Mike"oh, that monkey is going to pay"
Good point, thanks for the advice, to the both of you.-- If I get used to envying others...Those things about my self I pride will slowly fade away.-Stellvia |
|
|
|
|
|
|
|
|
Am I too paranoid?