Databases
StackOverflow2013
Postsdbo
PO
Body
 

Note that there are some explanatory texts on larger screens.

plurals
  1. PO
    text
    copied!<blockquote> <p>Everything that I have read says that using integrated authentication is more secure</p> </blockquote> <p>--> It's more secure in a way because it's more difficult to get the password. </p> <p>If you use SQL Server authentication, the connection string contains user and password. If you know where the connection string is (often in a config file), you can open it and see user and password.<br> On the other hand, if you use Windows authentication, the connection string just says "Integrated Security=True" and you connect to the server with your Windows account, with the actual password buried somewhere deep in Windows' guts and more difficult to retrieve.</p> <p>Of course, the big downside of Windows authentication is that if your users need write permissions on a certain table for your application, this means that they can write to the same table with ANY other application as well.</p> <p>There are some workarounds, but none of them is THE silver bullet:</p> <p>If your app only needs certain tables of the DB, you can just give permissions on these. So at least, the users can't do stuff in all the other tables</p> <p>If the users are not allowed to access any tables at all from outside your application, there are unfortunately only two things you can do:</p> <ul> <li>Change your app to SQL authentication and remove all permissions for Windows users<br> (you can also use a proxy service <a href="https://stackoverflow.com/questions/4606338/sql-server-windows-authentication-security/4606535#4606535">like Will Hughes suggested</a>, but the effect is the same when the app accesses the DB directly...the point is that your users' Windows accounts don't have any permissions anymore!)</li> <li>Create views and stored procedures (if they don't already exist anyway) for the stuff your app can do with the database. Give the users permissions to use these, and remove the permissions to the real tables.<br> --> the users can access the views and SPs directly with other tools (even if they don't have any permissions on the underlying tables...permissions on the views and SPs are enough), but they can't do anything that they can't do in your app as well. </li> </ul>
 

Querying!

 
Guidance
An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload