Restrict access to DB server - SQL Server Forums

Please start any new threads on our new site at https://forums.sqlteam.com. We've got lots of great SQL Server experts to answer whatever question you can come up with.

All Forums

SQL Server 2008 Forums

Transact-SQL (2008)

Restrict access to DB server

Author

Topic

xpandre
Posting Yak Master

212 Posts

Posted - 2011-09-26 : 10:21:05

Hi Guys,

One issue thats not related to development, but developers:(

I have a PROD server which has a SQL LOGIN, and unfortunately the password is known to everyone in the project.:(

Now, we have been telling our team members not to connect to the PROD server using that SQL login, as its only for application purpose.

But only if everyone really cared about what the DB team says.:(

Now the issue: I am not allowed to have any kind of check on the PROD DB server to check for logins happening from SSMS.

Is there any way I can restrict this from the client side, something like..If any user tries to connect to the PROD server via ssms using a sql login, he would not be allowed..

Thanks
Sam

Kristen
Test

22859 Posts

Posted - 2011-09-26 : 10:45:19

"I am not allowed to have any kind of check on the PROD DB server to check for logins happening from SSMS"

You are expected to solve this with both hands tied behind your back?

If you use SQL profiler it will record this information as a matter of course - would you then be fired?

xpandre
Posting Yak Master

212 Posts

Posted - 2011-09-26 : 11:21:20

No..I would not be fired, but the DOTNET developer who connects might get fired, unless he's a critical resource.:-)

So basically, we dont have any way we can restrict it at client side, right?:-(

Kristen
Test

22859 Posts

Posted - 2011-09-26 : 11:37:54

I would run SQL Profiler and see how often it is happening (and that would probably tell you some other info about the culprits - you might even be able to get IP address out of it)

I don't know about restricting logins, server-side, based on Application and User ID - but I expect its possible.

It may be possible Client Side, but I would hope that the information about User ID is already encrypted before it leaves SSMS, so would not be possible to intercept en route to the server.

GilaMonster
Master Smack Fu Yak Hacker

4507 Posts

Posted - 2011-09-26 : 11:52:44

Login trigger.

I used that at a bank when I had a couple devs who thought they were above the rules.

--
Gail Shaw
SQL Server MVP

Subscribe to SQLTeam.com

SQLTeam.com Articles via RSS

SQLTeam.com Weblog via RSS

- Advertisement -

Resources