Please start any new threads on our new
site at https://forums.sqlteam.com. We've got lots of great SQL Server
experts to answer whatever question you can come up with.
| Author |
Topic |
|
qwertyjjj
Posting Yak Master
131 Posts |
 Posted - 2007-09-19 : 12:04:57
|
| Usually, we set up a SQL login for an applucation to use.On this occasion, the connection is being done through NT authentication.I am having to set up a login for each DOMAIN\user.Is there a better way of doing this maybe a logn for a group and add the users to the group?I assumed SQL login was the preferred way as if you designed an app for thousands of users, you would have a large amount of administration if everything was done through NT ? |
|
|
cat_jesus
Aged Yak Warrior
547 Posts |
Posted - 2007-09-19 : 12:15:45
|
| Yes set up a group and then have security do the dirty job of adding, removing users from the group. |
 |
|
|
cat_jesus
Aged Yak Warrior
547 Posts |
Posted - 2007-09-19 : 12:16:49
|
| Oh and SQL login is not a good idea. It's a really bad idea, actually. |
|
|
|
qwertyjjj
Posting Yak Master
131 Posts |
Posted - 2007-09-19 : 12:20:38
|
| why a bad idea? |
|
|
|
qwertyjjj
Posting Yak Master
131 Posts |
Posted - 2007-09-19 : 12:21:02
|
| does the group need to be set up in the AD ? |
|
|
|
cat_jesus
Aged Yak Warrior
547 Posts |
Posted - 2007-09-19 : 12:43:03
|
| SQL login is bad for several reasons. For one, the userid and password is sent in clear text which makes it a trivial exercise to gain access to the SQL server. It is also more difficult to administer. If you are using AD and groups then you define the group permissions to the objects(hint: to SPs and Views rather than tables) and then let the domain administrators worry about who belongs to what group.SQL login is quick and dirty but it will bite you in the end. |
|
|
|
rmiao
Master Smack Fu Yak Hacker
7266 Posts |
Posted - 2007-09-19 : 23:35:09
|
| >> the userid and password is sent in clear text You can enable sql protocol encryption. |
|
|
|
|
|
|
NT auth question?