RE: SQL Server permission question
> > Does anyone know of a way to allow a user to only have permission to execute stored procedures in SQL Server and not select, update, insert, delete permissions directly? I want people to only be able to access the data in my database from an SP and not directly using select, update, insert, delete.

> If you are doing this via the web, then you can use the CF Administrator to do this. Select the DSN that you want to execute only the SP, make sure that you check the Stored Procedures check box. If you are talking about using Enterprise Manager, then you would need to create a login for the users and allow only SP permissions on the database.

It's worth pointing out that this doesn't affect the actual rights of the user account used by CF, it only affects how CF will interact with that datasource. If your web server is compromised, there may be other ways to use that ODBC datasource besides CF - or in any case, the attacker could simply enable the appropriate settings within the CF Administrator!

You always, ALWAYS, want to limit the actual rights of the user account within the database.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
voice: (202) 797-5496
fax: (202) 797-5444
RE: SQL Server permission question
Yup - in SQL Server you want to create a user that only has permissions to execute SP's. The DSN you set up that the web server uses needs to login using this user.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: 01 May 2002 14:37
To: CF-Talk
Subject: SQL Server permission question

Does anyone know of a way to allow a user to only have permission to execute stored procedures in SQL Server and not select, update, insert, delete permissions directly? I want people to only be able to access the data in my database from an SP and not directly using select, update, insert, delete.

Anthony Petruzzi
Webmaster
954-321-4703
[EMAIL PROTECTED]
http://www.sheriff.org
Re: SQL Server permission question
If you are doing this via the web, then you can use the CF Administrator to do this. Select the DSN that you want to execute only the SP, make sure that you check the Stored Procedures check box. If you are talking about using Enterprise Manager, then you would need to create a login for the users and allow only SP permissions on the database.

-- Original Message --
From: [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Date: Wed, 1 May 2002 09:36:54 -0400

Does anyone know of a way to allow a user to only have permission to execute stored procedures in SQL Server and not select, update, insert, delete permissions directly? I want people to only be able to access the data in my database from an SP and not directly using select, update, insert, delete.

Anthony Petruzzi
Webmaster
954-321-4703
[EMAIL PROTECTED]
http://www.sheriff.org
RE: SQL Server permission question
Oh - forgot to mention - every SP you create you then need to put a Grant Execute to that user (or group).

-----Original Message-----
From: Andy Ewings
Sent: 01 May 2002 14:44
To: '[EMAIL PROTECTED]'
Subject: RE: SQL Server permission question

Yup - in SQL Server you want to create a user that only has permissions to execute SP's. The DSN you set up that the web server uses needs to login using this user.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: 01 May 2002 14:37
To: CF-Talk
Subject: SQL Server permission question

Does anyone know of a way to allow a user to only have permission to execute stored procedures in SQL Server and not select, update, insert, delete permissions directly? I want people to only be able to access the data in my database from an SP and not directly using select, update, insert, delete.

Anthony Petruzzi
Webmaster
954-321-4703
[EMAIL PROTECTED]
http://www.sheriff.org
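
The approach discussed in this thread (a database user that can only execute stored procedures, with a Grant Execute per procedure), written out as an added T-SQL example that is not part of the original messages. It uses SQL Server 2005 and later syntax, and every name in it (DemoShop, web_sp_only, dbo.Orders, dbo.usp_GetOrdersByCustomer) is hypothetical.

```sql
-- Added example; all database, login, table and procedure names are hypothetical.
USE DemoShop;
GO

-- A login with no server roles, mapped to a database user with no role
-- memberships: it starts with no SELECT/INSERT/UPDATE/DELETE rights at all.
CREATE LOGIN web_sp_only WITH PASSWORD = '<placeholder-strong-password>';
CREATE USER web_sp_only FOR LOGIN web_sp_only;
GO

CREATE TABLE dbo.Orders (
    OrderId    INT IDENTITY PRIMARY KEY,
    CustomerId INT   NOT NULL,
    Total      MONEY NOT NULL
);
GO

-- Static SQL only. The procedure and the table have the same owner, so
-- ownership chaining lets the caller read dbo.Orders through the procedure
-- without holding any permission on the table itself.
CREATE PROCEDURE dbo.usp_GetOrdersByCustomer
    @CustomerId INT
AS
BEGIN
    SET NOCOUNT ON;
    SELECT OrderId, Total FROM dbo.Orders WHERE CustomerId = @CustomerId;
END;
GO

-- One grant per procedure, as noted in the thread.
GRANT EXECUTE ON OBJECT::dbo.usp_GetOrdersByCustomer TO web_sp_only;
GO

-- Check from the restricted user's point of view.
EXECUTE AS USER = 'web_sp_only';
GO
EXEC dbo.usp_GetOrdersByCustomer @CustomerId = 1;  -- allowed
GO
SELECT OrderId FROM dbo.Orders;                    -- fails: SELECT permission denied
GO
REVERT;
GO

-- Audit what the account actually holds; expect only CONNECT and the EXECUTE grant.
SELECT pr.name, pe.permission_name, pe.state_desc,
       OBJECT_NAME(pe.major_id) AS object_name
FROM sys.database_permissions AS pe
JOIN sys.database_principals AS pr ON pr.principal_id = pe.grantee_principal_id
WHERE pr.name = 'web_sp_only';
```

Ownership chaining does not cover dynamic SQL run inside a procedure, so a procedure that builds and executes a query string would need table permissions for the caller, which defeats the restriction.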