SQL Server建立应用程序安全性和程序角色-Mysql Tutorial-php.cn

Home

Database

Mysql Tutorial

SQL Server建立应用程序安全性和程序角色

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB

Jun 07, 2016 pm 03:05 PM

m server sql safety app Establish program Role

Microsoft SQL Server 中的安全系统在最低级别，即数据库本身上实现。无论使用什么应用程序与 SQL Server 通讯，这都是控制用户活动的最佳方法。但是，有时必须自定义安全控制以适应个别应用程序的特殊需要，尤其是当处理复杂数据库和含有大表的数

　　Microsoft® SQL Server™ 中的安全系统在最低级别，即数据库本身上实现。无论使用什么应用程序与 SQL Server 通讯，这都是控制用户活动的最佳方法。但是，有时必须自定义安全控制以适应个别应用程序的特殊需要，尤其是当处理复杂数据库和含有大表的数据库时。

　　此外，可能希望限制用户只能通过特定应用程序(例如使用 SQL 查询分析器或 Microsoft Excel)来访问数据或防止用户直接访问数据。限制用户的这种访问方式将禁止用户使用应用程序(如 SQL 查询分析器)连接到 SQL Server 实例并执行编写质量差的查询，以免对整个服务器的性能造成负面影响。

　　SQL Server 通过使用应用程序角色适应这些要求。应用程序角色与标准角色有以下区别：

　　◆应用程序角色不包含成员。

　　不能将 Microsoft Windows NT® 4.0 或 Windows® 2000 组、用户和角色添加到应用程序角色;当通过特定的应用程序为用户连接激活应用程序角色时，将获得该应用程序角色的权限。用户之所以与应用程序角色关联，是由于用户能够运行激活该角色的应用程序，而不是因为其是角色成员。

　　◆默认情况下，应用程序角色是非活动的，需要用密码激活。

　　◆应用程序角色不使用标准权限。

　　当一个应用程序角色被该应用程序激活以用于连接时，连接会在连接期间永久地失去数据库中所有用来登录的权限、用户帐户、其它组或数据库角色。连接获得与数据库的应用程序角色相关联的权限，应用程序角色存在于该数据库中。因为应用程序角色只能应用于它们所存在的数据库中，所以连接只能通过授予其它数据库中 guest 用户帐户的权限，获得对另一个数据库的访问。因此，如果数据库中没有 guest 用户帐户，则连接无法获得对该数据库的访问。如果 guest 用户帐户确实存在于数据库中，但是访问对象的权限没有显式地授予 guest，则无论是谁创建了对象，连接都不能访问该对象。用户从应用程序角色中获得的权限一直有效，直到连接从 SQL Server 退出为止。

　　若要确保可以执行应用程序的所有函数，连接必须在连接期间失去应用于登录和用户帐户或所有数据库中的其它组或数据库角色的默认权限，并获得与应用程序角色相关联的权限。例如，如果应用程序必须访问通常拒绝用户访问的表，则应废除对该用户拒绝的访问权限，以使用户能够成功使用该应用程序。应用程序角色通过临时挂起用户的默认权限并只对他们指派应用程序角色的权限而克服任何与用户的默认权限发生的冲突。

　　应用程序角色允许应用程序(而不是 SQL Server)接管验证用户身份的责任。但是，SQL Server 在应用程序访问数据库时仍需对其进行验证，因此应用程序必须提供密码，因为没有其它方法可以验证应用程序。

　　如果不需要对数据库进行特殊访问，则不需要授予用户和 Windows NT 4.0 或 Windows 2000 组任何权限，因为所有权限都可以由它们用来访问数据库的应用程序指派。在这种环境下，假设对应用程序的访问是安全的，则在系统范围内统一使用指派给应用程序角色的密码是可能的。

　　有几个选项可用于管理应用程序角色密码而无须将其硬编码到应用程序中。例如，可以使用存储在注册表(或 SQL Server 数据库)中的加密键，只有应用程序有加密键的解密代码。应用程序读取键，对其进行解密，并使用其值设置应用程序角色。如果使用多协议 Net-Library，则含有密码的网络数据包也可以被加密。另外，当角色被激活时，可以在发送到 SQL Server 实例前将密码加密。

　　如果应用程序用户使用 Windows 身份验证模式连接到 SQL Server 实例，则在使用应用程序时，可以使用应用程序角色设置 Windows NT 4.0 或 Windows 2000 用户在数据库中拥有的权限。这种方法使得当用户使用应用程序时，对用户帐户的 Windows NT 4.0 或 Windows 2000 审核及对用户权限的控制容易维护。

　　如果使用 SQL Server 身份验证，并且不要求审核用户在数据库中的访问，则应用程序可以更容易地使用预定义的 SQL Server 登录连接到 SQL Server 实例。例如，订单输入应用程序验证运行该应用程序的用户，然后用相同的 OrderEntry 登录连接到 SQL Server 实例。所有连接都使用同一登录，相关权限授予该登录。

　　说明应用程序角色可以和两种身份验证模式一起使用。

　　示例

　　作为应用程序角色使用的示例，假设用户 Sue 运行销售应用程序，该应用程序要求在数据库 Sales 中的表 Products 和 Orders 上有 SELECT、UPDATE 和 INSERT 权限，但她在使用 SQL 查询分析器或任何其它工具访问 Products 或 Orders 表时不应有 SELECT、INSERT 或 UPDATE 权限。若要确保如此，可以创建一个拒绝 Products 和 Orders 表上的 SELECT、INSERT 或 UPDATE 权限的用户-数据库角色，然后将 Sue 添加为该数据库角色的成员。接着在 Sales 数据库中创建带有 Products 和 Orders 表上的 SELECT、INSERT 和 UPDATE 权限的应用程序角色。当应用程序运行时，它通过使用 sp_setapprole 提供密码激活应用程序，并获得访问 Products 和 Orders 表的权限。如果 Sue 尝试使用除该应用程序外的任何其它工具登录到 SQL Server 实例，则将无法访问 Products 或 Orders 表。

Statement of this Website

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Hot AI Tools

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress images for free

Clothoff.io

AI clothes remover

AI Hentai Generator

Generate AI Hentai for free.

Hot Article

R.E.P.O. Energy Crystals Explained and What They Do (Yellow Crystal)

3 weeks ago By 尊渡假赌尊渡假赌尊渡假赌

R.E.P.O. Best Graphic Settings

3 weeks ago By 尊渡假赌尊渡假赌尊渡假赌

Assassin's Creed Shadows: Seashell Riddle Solution

2 weeks ago By DDD

R.E.P.O. How to Fix Audio if You Can't Hear Anyone

3 weeks ago By 尊渡假赌尊渡假赌尊渡假赌

WWE 2K25: How To Unlock Everything In MyRise

4 weeks ago By 尊渡假赌尊渡假赌尊渡假赌

Hot Tools

Notepad++7.3.1

Easy-to-use and free code editor

SublimeText3 Chinese version

Chinese version, very easy to use

Zend Studio 13.0.1

Powerful PHP integrated development environment

Dreamweaver CS6

Visual web development tools

SublimeText3 Mac version

God-level code editing software (SublimeText3)

Hot Topics

Where is the login entrance for gmail email?

7469

CakePHP Tutorial

1376

What is the format of the account name of steam

win11 activation key permanent

nyt connections hints and answers

Related knowledge

How to make Google Maps the default map in iPhone Apr 17, 2024 pm 07:34 PM

The default map on the iPhone is Maps, Apple's proprietary geolocation provider. Although the map is getting better, it doesn't work well outside the United States. It has nothing to offer compared to Google Maps. In this article, we discuss the feasible steps to use Google Maps to become the default map on your iPhone. How to Make Google Maps the Default Map in iPhone Setting Google Maps as the default map app on your phone is easier than you think. Follow the steps below – Prerequisite steps – You must have Gmail installed on your phone. Step 1 – Open the AppStore. Step 2 – Search for “Gmail”. Step 3 – Click next to Gmail app

How to connect Apple Vision Pro to PC Apr 08, 2024 pm 09:01 PM

The Apple Vision Pro headset is not natively compatible with computers, so you must configure it to connect to a Windows computer. Since its launch, Apple Vision Pro has been a hit, and with its cutting-edge features and extensive operability, it's easy to see why. Although you can make some adjustments to it to suit your PC, and its functionality depends heavily on AppleOS, so its functionality will be limited. How do I connect AppleVisionPro to my computer? 1. Verify system requirements You need the latest version of Windows 11 (Custom PCs and Surface devices are not supported) Support 64-bit 2GHZ or faster fast processor High-performance GPU, most

What is the difference between HQL and SQL in Hibernate framework? Apr 17, 2024 pm 02:57 PM

HQL and SQL are compared in the Hibernate framework: HQL (1. Object-oriented syntax, 2. Database-independent queries, 3. Type safety), while SQL directly operates the database (1. Database-independent standards, 2. Complex executable queries and data manipulation).

Shazam app not working in iPhone: Fix Jun 08, 2024 pm 12:36 PM

Having issues with the Shazam app on iPhone? Shazam helps you find songs by listening to them. However, if Shazam isn't working properly or doesn't recognize the song, you'll have to troubleshoot it manually. Repairing the Shazam app won't take long. So, without wasting any more time, follow the steps below to resolve issues with Shazam app. Fix 1 – Disable Bold Text Feature Bold text on iPhone may be the reason why Shazam is not working properly. Step 1 – You can only do this from your iPhone settings. So, open it. Step 2 – Next, open the “Display & Brightness” settings there. Step 3 – If you find that “Bold Text” is enabled

How many characters are there in Blazlan Chaos Effect? Mar 21, 2024 pm 10:56 PM

Blue Wings Chaos Effect features a diverse cast of characters, each with a unique identity and backstory. For this reason, the editor has specially compiled an introduction to the characters of BlazBlue Chaos Effect for all players. How many characters are there in BlazBlue Chaos Effect? Answer: There are 7 characters. 1. [God of Death] Ragnar Chad Bradedge (nicknamed RG, Nissan), his brother and sister were raised by church nuns. One day, one of the six heroes of the villain broke in, killed the nuns, and burned them down. Church, took his sister away, leaving behind his younger brother "The Weapon of Things" Ice Sword Snow Girl. 2. Noel Vermillion The adopted daughter of the Vermillion family looks almost the same as Ragnar's sister. After graduation, he joined the governing body as secretary to Ragnar's younger brother. 3. λ-11 is collectively known as Lambda and Eleventh Sister. After the original developer gave up, Kokonoe rescued and

Clock app missing in iPhone: How to fix it May 03, 2024 pm 09:19 PM

Is the clock app missing from your phone? The date and time will still appear on your iPhone's status bar. However, without the Clock app, you won’t be able to use world clock, stopwatch, alarm clock, and many other features. Therefore, fixing missing clock app should be at the top of your to-do list. These solutions can help you resolve this issue. Fix 1 – Place the Clock App If you mistakenly removed the Clock app from your home screen, you can put the Clock app back in its place. Step 1 – Unlock your iPhone and start swiping to the left until you reach the App Library page. Step 2 – Next, search for “clock” in the search box. Step 3 – When you see “Clock” below in the search results, press and hold it and

Comparison and differences of SQL syntax between Oracle and DB2 Mar 11, 2024 pm 12:09 PM

Oracle and DB2 are two commonly used relational database management systems, each of which has its own unique SQL syntax and characteristics. This article will compare and differ between the SQL syntax of Oracle and DB2, and provide specific code examples. Database connection In Oracle, use the following statement to connect to the database: CONNECTusername/password@database. In DB2, the statement to connect to the database is as follows: CONNECTTOdataba

Can't allow access to camera and microphone in iPhone Apr 23, 2024 am 11:13 AM

Are you getting "Unable to allow access to camera and microphone" when trying to use the app? Typically, you grant camera and microphone permissions to specific people on a need-to-provide basis. However, if you deny permission, the camera and microphone will not work and will display this error message instead. Solving this problem is very basic and you can do it in a minute or two. Fix 1 – Provide Camera, Microphone Permissions You can provide the necessary camera and microphone permissions directly in settings. Step 1 – Go to the Settings tab. Step 2 – Open the Privacy & Security panel. Step 3 – Turn on the “Camera” permission there. Step 4 – Inside, you will find a list of apps that have requested permission for your phone’s camera. Step 5 – Open the “Camera” of the specified app

See all articles