Saturday, February 25, 2012

Account to access SQL

What is the best way of accessing a SQL Server on a live server? Shall I use integrated Windows authentication or use a special user account? If I use a user account, what are the needed privileges to give it?

Thank you

Well, the real answers to those questions are: "It depends." From a practical standpoint, choosing Windows authentication vs. SQL authentication is going to come down to what your needs are and what's going to provide the smallest attack surface whilst meeting those needs.

The needed privileges are also going to vary from application to application. Personally, I shoot for not allowing anything but execute permissions on the stored procedures that the app needs to function, and nothing else. That gives me a strong, well-defined API for the database that allows me to control (to an extent) how the database is used. Again, YMMV depending on the needs of your application.
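
The execute-only approach described in the answer, as an added T-SQL example that is not part of the original post. All object and principal names (`app.Orders`, `app.usp_GetOrder`, `app_exec`, `app_svc`) are constructed, and the script assumes it is run by a database owner in a scratch database.

```sql
-- Constructed schema, table and procedure standing in for the application's data.
CREATE SCHEMA app AUTHORIZATION dbo;
GO
CREATE TABLE app.Orders (
    OrderId  int           NOT NULL PRIMARY KEY,
    Customer nvarchar(100) NOT NULL
);
INSERT INTO app.Orders (OrderId, Customer) VALUES (1, N'Constructed Customer');
GO
CREATE PROCEDURE app.usp_GetOrder
    @OrderId int
AS
BEGIN
    SET NOCOUNT ON;
    SELECT OrderId, Customer FROM app.Orders WHERE OrderId = @OrderId;
END;
GO

-- Application principal (no login here, so the test needs no server-level
-- account) and a role that carries the only permission the app receives.
CREATE USER app_svc WITHOUT LOGIN;
CREATE ROLE app_exec;
ALTER ROLE app_exec ADD MEMBER app_svc;  -- SQL Server 2012+; older versions use sp_addrolemember
GRANT EXECUTE ON OBJECT::app.usp_GetOrder TO app_exec;
GO

-- Audit: list every explicit permission held by the user and the role.
-- Expect CONNECT for app_svc and a single EXECUTE row for app_exec.
SELECT pr.name AS principal_name,
       pe.permission_name,
       pe.state_desc,
       OBJECT_SCHEMA_NAME(pe.major_id) + N'.' + OBJECT_NAME(pe.major_id) AS object_name
FROM sys.database_permissions AS pe
JOIN sys.database_principals  AS pr ON pr.principal_id = pe.grantee_principal_id
WHERE pr.name IN (N'app_svc', N'app_exec');

-- Effective-permission check while impersonating the application user.
EXECUTE AS USER = 'app_svc';
SELECT HAS_PERMS_BY_NAME(N'app.usp_GetOrder', N'OBJECT', N'EXECUTE') AS can_execute_proc, -- 1
       HAS_PERMS_BY_NAME(N'app.Orders',       N'OBJECT', N'SELECT')  AS can_select_table, -- 0
       HAS_PERMS_BY_NAME(N'app.Orders',       N'OBJECT', N'DELETE')  AS can_delete_table; -- 0
-- Succeeds: the procedure and the table share an owner (dbo), so ownership
-- chaining skips the table permission check inside the procedure.
EXEC app.usp_GetOrder @OrderId = 1;
REVERT;
```

Ownership chaining does not extend to dynamic SQL inside a procedure, so a procedure that builds and executes a query string would still need table permissions for the caller.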
