This article describes a security measure in SQL Server for the case where you do not want application developers to know the password of the application's database user.
With this method, the application will only be able to connect to the database from specific application servers.
First, identify the application servers that need to connect to the database, and add each one's computer account as a login to SQL Server, as follows:

    CREATE LOGIN [Domainİsmi\TESTSERVER$] FROM WINDOWS;
Replace TESTSERVER above with the name of your application server (and Domainİsmi with your domain name); the trailing $ marks the computer account. One important point: type the server name in uppercase letters.
When you create the login this way, application developers write "Integrated Security=SSPI" or "Trusted_Connection=True" in the connection string instead of a user id and password.
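As an added example (not from the original article), the complete T-SQL setup for one application server: the machine-account login, a database user mapped to it with only the rights the application needs, a verification query, and an audit query that lists every machine-account login on the instance. The domain CONTOSO, the server name APPSERVER01 and the database AppDb are assumed placeholders.

```sql
-- Added example, not the article's own code.
-- Assumed placeholders: CONTOSO = domain, APPSERVER01 = application server, AppDb = application database.

USE master;
GO

-- 1. Server-level login for the computer account. The trailing $ identifies a
--    machine account; a service running as NETWORK SERVICE, LOCAL SYSTEM or an
--    IIS ApplicationPoolIdentity presents this identity when it connects over the network.
IF NOT EXISTS (SELECT 1 FROM sys.server_principals WHERE name = N'CONTOSO\APPSERVER01$')
    CREATE LOGIN [CONTOSO\APPSERVER01$] FROM WINDOWS WITH DEFAULT_DATABASE = [AppDb];
GO

-- 2. Database user mapped to that login, granted only what the application needs
--    (least privilege: no sysadmin, no db_owner).
USE AppDb;
GO
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = N'CONTOSO\APPSERVER01$')
    CREATE USER [CONTOSO\APPSERVER01$] FOR LOGIN [CONTOSO\APPSERVER01$];
GO
ALTER ROLE db_datareader ADD MEMBER [CONTOSO\APPSERVER01$];
ALTER ROLE db_datawriter ADD MEMBER [CONTOSO\APPSERVER01$];
GO

-- 3. Verification, run through the application's own connection
--    ("Server=sqlhost;Database=AppDb;Integrated Security=SSPI;" -- no password anywhere):
--    login_name should come back as CONTOSO\APPSERVER01$.
SELECT SUSER_SNAME() AS login_name, ORIGINAL_LOGIN() AS original_login, DB_NAME() AS db;

-- 4. Audit: every Windows login ending in $ is a machine account that can reach
--    this instance; an unexpected server name here is worth investigating.
SELECT name, create_date, is_disabled
FROM sys.server_principals
WHERE type_desc = 'WINDOWS_LOGIN' AND name LIKE N'%$';
```

The login only works if the application's process identity actually maps to the machine account; an application pool running as a local user or a dedicated domain user presents that user instead, and would need its own login. The role grants in step 2 are the part that limits what a compromised application server can do with the connection, so keep them to what the application really uses.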
How do we prevent access to the database if someone has application server access? How can we restrict the user to connect only from the application and not from any query or SSMS tool?
If someone has application server access and you don't apply this method, that person can get the password from the web.config and use it on another server.
With this method, he or she cannot connect from any other server. Maybe there can be a restriction, but I don't know.
You can log in with a local user like this, with SQL Server authentication, if you defined the server login:
localuser@servername
You should add the Integrated Security parameter in SSMS.
If this method is not enough for you, you can hash your web.config. This is another method.