Skip to Content
Former Member
Jun 20, 2016 at 01:15 PM

Database security - and an internal pb 12.5 classic application


We have a client that's concerned about their sql server database, and internal security.

We currently are having them use windows authentication to log into the database.

And this is what's being used to do insert / updates on the database.

However... they are concerned that the user could access the tables by using the sql server management studio

Which.. they could.

I guess they don't necessarily, trust their own users.

Now... we could

use a single database login... that the user wouldn't know the password to.

and, this is how they would access the database. The login info, they entered would only allow them

access into our software.

(but... this login / password would have to be stored somewhere... and, would also need to be changeable)

This... as a whole, doesn't seem real secure


we create stored procedures that do the actual access / manipulation of the data

But... this would take a large rewrite, of how the system currently works.

Does anyone have any suggestions? thoughts?

I guess i could understand enhanced security, if the application was accessible from the outside.

But.... this application is within their network.

I guess that, this is the way things are headed these days.

lock down everything