SECURITY procedure for update FRED owns

    -- FRED owns the PROCEDURE
    ALTER PROCEDURE update_salary(
      @EMP_ID INT,
      @NEW_SALARY MONEY)
    AS
    -- FRED owns the employee table
    -- table is accessed through dynamic SQL
    -- (sp_executesql passes the parameters into the dynamic batch)
    EXECUTE sp_executesql
      N'UPDATE employee SET salary = @NEW_SALARY WHERE emp_id = @EMP_ID',
      N'@NEW_SALARY MONEY, @EMP_ID INT',
      @NEW_SALARY = @NEW_SALARY, @EMP_ID = @EMP_ID
    go

In this version, access is always checked when dynamic SQL is invoked, regardless of the owner of the object that the dynamic SQL statement accesses. Because we're using dynamic SQL, when BOB executes the stored procedure, BOB's access to the employee table is checked. Because BOB does not have access to the table, the stored procedure fails.

SQL Server 2005 refines the concept of ownership chaining to deal with the concept of schemas and introduces the notion of an execution context other than the current user. Setting the execution context can solve the dynamic SQL problem just described but must be managed carefully. We'll discuss it later in this chapter.

SQL Server Password Policies and Credentials

In addition to new security features related to .NET managed code, other security features are intended to tighten authentication through SQL Server logins when SQL Server runs under Windows Server 2003. As we mentioned at the beginning of this chapter, users can use Windows authentication or SQL Server authentication to log in to SQL Server.

Windows authentication is secure. A user's password is never sent across the network, and the system administrator can enforce password policy. The password policy can require that users change their password at the first login to the NT domain or machine. The policy can require users to use strong passwords, for example, at least eight characters including at least one number, letter, and special character. The policy can also require users to change their password every so often. The policy can specify that a login will be locked out after a certain number of bad password attempts.

When a database administrator switches all SQL Server logins to Windows authentication, SQL Server inherits this level of enforceable security. Until SQL Server 2005, SQL Server logins had none of these necessary security characteristics. And weak passwords are acknowledged to be the weakest link in most security systems.
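
The ownership-chaining behaviour described above can be reproduced in a scratch database. The following T-SQL is an added example, not code from the original text; the hr schema, the _static and _dynamic procedure names, and the login-less users are assumptions made for the demonstration (SQL Server 2005 or later).

```sql
-- Added example: static vs. dynamic SQL under ownership chaining.
-- Run in a scratch database as db_owner. All names below are constructed.
CREATE USER FRED WITHOUT LOGIN;
CREATE USER BOB WITHOUT LOGIN;
GO
-- Objects created in a schema are owned by the schema owner by default,
-- so FRED owns both the table and the procedures.
CREATE SCHEMA hr AUTHORIZATION FRED;
GO
CREATE TABLE hr.employee (emp_id INT PRIMARY KEY, salary MONEY);
INSERT INTO hr.employee (emp_id, salary) VALUES (1, 1000);
GO
-- Static SQL: procedure and table share an owner, so the chain is
-- unbroken and the caller's permission on the table is not checked.
CREATE PROCEDURE hr.update_salary_static @EMP_ID INT, @NEW_SALARY MONEY
AS
UPDATE hr.employee SET salary = @NEW_SALARY WHERE emp_id = @EMP_ID;
GO
-- Dynamic SQL: the statement runs as its own batch, so the caller's
-- permission on hr.employee is checked regardless of ownership.
CREATE PROCEDURE hr.update_salary_dynamic @EMP_ID INT, @NEW_SALARY MONEY
AS
EXEC sp_executesql
    N'UPDATE hr.employee SET salary = @sal WHERE emp_id = @id',
    N'@sal MONEY, @id INT',
    @sal = @NEW_SALARY, @id = @EMP_ID;
GO
-- BOB may execute both procedures but has no permission on the table.
GRANT EXECUTE ON hr.update_salary_static  TO BOB;
GRANT EXECUTE ON hr.update_salary_dynamic TO BOB;
GO
EXECUTE AS USER = 'BOB';
EXEC hr.update_salary_static 1, 1100;       -- succeeds through the chain
BEGIN TRY
    EXEC hr.update_salary_dynamic 1, 1200;  -- fails: no UPDATE permission
END TRY
BEGIN CATCH
    PRINT 'dynamic version failed: ' + ERROR_MESSAGE();
END CATCH;
REVERT;
GO
-- Only the static update was applied.
SELECT emp_id, salary FROM hr.employee;
```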
