Allow DBMS User Connection only through specific Application - mysql

I am developing a multi-user Windows desktop application.
For user management I use the DBMS (Oracle, MySQL, MSSQL, PostgreSQL).
So each user has a database user account.
I do not want the user to connect to the database directly and read / write data.
The data should only be accessible, and the connection should only be valid, if they use my application.
I found this website by SQLDUDE where he describes some techniques.
One way to access the data only through a specific application is a logon trigger that checks for application_name.
However he also describes that this method can easily be spoofed as the user can specify the application_name once he knows it in the connection string.
(detailed explanation here - see Solution for Scenario #2)
He also mentions Application Roles.
A more secure approach you could use for this is called "Application
Roles". When connecting from an application you assume a particular
role and only that role is granted privileges required in the
database.
So basically the user logs in with his login credentials but has no rights at all (only connect).
Then inside the application I call sp_setapprole with a password once the connection is established, so the application rules are granted.
Once this call succeeds then the connection gets the privileges of the
application role and loses privileges of the actual user, which is
what we want. So if someone tried to connect to the database from SSMS
or SQLCMD, they will access the DB using their credentials, which
won’t have the required permissions on the tables, since only the
application role has the rights on the tables. This is more secure &
reliable approach, but one that requires application code change and
as a DBA you will have to create the application role in SQL Server.
So Application Roles sounds like the way to go.
My question is:
Are application roles a DBMS standard and available in most DBMS systems?
Is there a way to trace the sp_setapprole login (e.g. with WireShark)?
Of course someone could reverse-engineer the application and get the credentials for the application role - but I guess that's unavoidable :)
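
The application-role flow described in the question, as an added T-SQL example (not code from the post or from the quoted article). The names OrdersApp, AppUser1 and dbo.Orders and the password placeholder are assumptions:

```sql
-- Added example. Hypothetical names: OrdersApp, AppUser1, dbo.Orders.

-- One-time setup by the DBA ------------------------------------------
CREATE TABLE dbo.Orders (id int PRIMARY KEY, item nvarchar(50));

-- The end user's database principal: it can connect but holds no table
-- rights. WITHOUT LOGIN stands in for a user mapped to a real login.
CREATE USER AppUser1 WITHOUT LOGIN;

-- The application role is the only principal with rights on the data.
CREATE APPLICATION ROLE OrdersApp
    WITH PASSWORD = '<app-role-password-placeholder>';
GRANT SELECT, INSERT, UPDATE ON dbo.Orders TO OrdersApp;
GO

-- What a direct SSMS / SQLCMD session of that user gets --------------
EXECUTE AS USER = 'AppUser1';
SELECT * FROM dbo.Orders;          -- fails: SELECT permission denied
REVERT;
GO

-- What the application runs right after opening its connection -------
-- The password is an ordinary procedure parameter, so it is protected
-- on the wire only if the connection itself is encrypted (TLS).
DECLARE @cookie varbinary(8000);
EXEC sys.sp_setapprole
     @rolename      = N'OrdersApp',
     @password      = N'<app-role-password-placeholder>',
     @fCreateCookie = true,
     @cookie        = @cookie OUTPUT;

SELECT USER_NAME() AS current_principal;   -- returns OrdersApp
SELECT * FROM dbo.Orders;                  -- succeeds under the role

-- Restore the original security context, for example before a pooled
-- connection is handed to another caller.
EXEC sys.sp_unsetapprole @cookie;
GO
```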

I've seen one simpler solution in place and it worked fine. Here it is:
The application is responsible for creating users at the database
Before creating the user, the application hashed/encrypted their password, so if you chose password "123456" it would be created as "RRU2992191910" (just an example)
If the user tried to connect to the database with "123456" it wouldn't be successful
Only the application was able to connect to database, because it hashed/encrypted the password informed by the user
This is not the most secure solution in the world, but it's very simple and does what you want. And it could be ported to different RDBMS's with no extra cost.

Related

Connect to a MySQL database using access info on mysql db

I have a request from a customer and I am quite sure the answer is no, but wondering if someone has a different answer.
Background
As you know, a MySQL installation creates a database called "mysql" where it stores the databases we create and also the users.
In the user table, there is a field called "authentication_string" where the user password is saved.
Project
On this project, each time a customer creates an account, a new database user and database are created.
When a customer logs in through a web interface, the system calls an API to authenticate him/her. After that, the root db user is used to connect to the customer database, not their own database credentials. Why? Because they do not want to save the user and password in the database (this is a temp solution).
They want to change the application so that, after the authentication/authorization process, they would only need root credentials to somehow get the user and password from the "mysql" db and then use them to create the connection using the customer's db credentials.
Is this possible? Or is there some mysql parent - children configuration where this scenario is possible?
Project uses MySQL 5.7
From what I can understand I think you could just use MySQL’s SET PASSWORD to set some random strong password for the user and then login using that. This way you would not store anything and it would still be pretty secure assuming your root db access is fairly isolated from the thing that’s trying to login as the user.
For example:
SET PASSWORD FOR some_user = '<long-strong-randomly-generated-password-string>';
Afterwards you return this <long-strong-randomly-generated-password-string> from your access-providing process and then the user process can login using that. In this case it would stay valid until the next SET PASSWORD, so keep that in mind, but depending on your use-case that might be ok.

Preventing WAN access to a Database

How do I prevent WAN access to a particular database in SQLyog? I am able to grant full access to particular DB's, but not able to prevent them. I have a Web APP that runs on an internal server and accesses MySQL on the same server. I have created a SQL user with my workstation's IP, but I am receiving access denied from dbconnect when I run the APP from my workstation.
Thanks,
Tony Cripps
MySQL does not allow connections from anything other than what you've specified. If you want to disallow access from a particular IP or network, then that means that you've already gone and granted access to them.
Review the CREATE USER syntax, particularly the section on specifying hostnames.
Review the user accounts that you've already created:
SELECT user, host, password FROM mysql.user;
And then re-create them as necessary.
Other than that, if you want to completely disallow WAN access then you should be looking at your firewall settings, not MySQL.

access to database from out of application

I have a website on a shared server. It uses SQL Server as its database (also shared), with an account limited to executing procedures. Now I wonder if anyone who has access to SQL Server could read and manipulate my data without having my credentials (by using their own)? If so, how can I track users logged into my database and, more importantly, stop them?
There are two ways to connect to SQL: using a SQL login or using Windows authentication. These are your logins to the server. To then connect to the database you have to be granted rights to the database. So as long as your login is the only one that has been granted rights to the DB, then you have no need to worry.
Depending on the rights you have on the DB, you could set up roles within the DB and allocate user(s) to the roles. This way the only way anyone can do anything in your db is if they are a member of the roles you have set up (or they have an SA account on the server or have also been set up with dbo rights on the database).
Again, depending on what rights you have on the server, you could set up a trace (google sp_trace_create and sp_trace_setevent) to capture logins to your database; this writes to the hard drive of the server, and then you can use fn_trace_gettable to query this data.
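
The login trace this answer points to, as an added T-SQL example (not code from the answer). The trace file path and the database name MyAppDb are assumptions; the event and column numbers are the SQL Trace IDs for Audit Login and its data columns:

```sql
-- Added example. Hypothetical: path D:\Traces\myappdb_logins, db MyAppDb.
-- The caller needs ALTER TRACE permission on the server.
DECLARE @traceid int, @on bit = 1, @maxsize bigint = 50;   -- size in MB

-- Create a stopped trace that writes to a file (.trc is appended).
EXEC sp_trace_create @traceid OUTPUT, 0,
     N'D:\Traces\myappdb_logins', @maxsize;

-- Event 14 = Audit Login. Columns captured for it:
--   8 HostName, 10 ApplicationName, 11 LoginName,
--   14 StartTime, 35 DatabaseName
EXEC sp_trace_setevent @traceid, 14,  8, @on;
EXEC sp_trace_setevent @traceid, 14, 10, @on;
EXEC sp_trace_setevent @traceid, 14, 11, @on;
EXEC sp_trace_setevent @traceid, 14, 14, @on;
EXEC sp_trace_setevent @traceid, 14, 35, @on;

-- Keep only logins into this database (column 35, AND, LIKE).
EXEC sp_trace_setfilter @traceid, 35, 0, 6, N'MyAppDb';

EXEC sp_trace_setstatus @traceid, 1;    -- 1 = start
GO

-- Later, in any session: who logged in, from where, with what client.
-- ApplicationName is supplied by the client, so treat it as a hint only.
SELECT StartTime, LoginName, HostName, ApplicationName, DatabaseName
FROM sys.fn_trace_gettable(N'D:\Traces\myappdb_logins.trc', DEFAULT)
WHERE EventClass = 14
ORDER BY StartTime;
GO

-- Stop (0) and close (2) the trace once it is no longer needed.
DECLARE @id int = (SELECT id FROM sys.traces
                   WHERE path LIKE N'%myappdb_logins.trc');
EXEC sp_trace_setstatus @id, 0;
EXEC sp_trace_setstatus @id, 2;
GO
```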
The problem goes beyond Execute permissions and logging access...
The bottom line is that you and your data are at the mercy of the host. If they can be trusted and are competent, your data should be safe. However, if you are unsure, or if you are storing data that is too valuable to risk, your only choices are to either encrypt the data so that nothing useful can be gleaned from it and make sure you have a backup, or find a different host who will provide appropriate safeguards.

MySQL connection for every host

I'm making a WinForms app in VB.NET that connects to a MySQL database on my webserver to read and write data; this all works fine.
But I have to allow the user's IP to remote connect to the database.
Is it possible to give everyone access to the database? The user account will not have all rights and the data isn't very important if it got lost.
The user account and connection details are hard coded.
I know this isn't secure but that doesn't really matter.
Yes, that's very well possible. In your mysql privileges table you'll have to grant a wildcard (%) host access to the user. Then in your VB.NET code simply use the address in the connectionString.
Yes, you can GRANT permissions on the database to the same user with wildcards in the host. More information here.
You can specify wildcards in the host name. For example, user_name@'%.example.com' applies to user_name for any host in the example.com domain, and user_name@'192.168.1.%' applies to user_name for any host in the 192.168.1 class C subnet.
The simple form user_name is a synonym for user_name@'%'.
That way every application connects to the database from random hosts and uses the same username/password in the connection string to authenticate, and MySQL will allow it because the host part of the permissions isn't explicitly specified.
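
The host part of a MySQL account, which this answer and the "Preventing WAN access" answer above both turn on, shown as an added example (not code from either answer). The names app_user and appdb and the password placeholder are assumptions; the 192.168.1.% pattern is the one from the quoted documentation:

```sql
-- Added example for MySQL. Hypothetical names: app_user, appdb.

-- 1. Audit: which accounts accept connections from a host pattern
--    ('%' or '_' wildcards) instead of one named host?
SELECT user, host
FROM mysql.user
WHERE LOCATE('%', host) > 0 OR LOCATE('_', host) > 0
ORDER BY user, host;

-- 2. Wide open: the account can authenticate from every address that
--    can reach the server, so only the firewall limits exposure.
CREATE USER 'app_user'@'%' IDENTIFIED BY '<password-placeholder>';
GRANT SELECT, INSERT, UPDATE ON appdb.* TO 'app_user'@'%';

-- 3. Narrowed: same account name, internal subnet only.
--    RENAME USER changes the host part and carries the grants over.
RENAME USER 'app_user'@'%' TO 'app_user'@'192.168.1.%';

-- 4. Verify that the '%' row is gone and the grants followed the account.
SELECT user, host FROM mysql.user WHERE user = 'app_user';
SHOW GRANTS FOR 'app_user'@'192.168.1.%';

-- 5. An application running on the database server itself connects as
--    'localhost', which an IP pattern does not match, so it needs its
--    own account row.
CREATE USER 'app_user'@'localhost' IDENTIFIED BY '<password-placeholder>';
GRANT SELECT, INSERT, UPDATE ON appdb.* TO 'app_user'@'localhost';
```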
But I have to allow the user's IP to remote connect to the database.
Why?
Two other options:
1 - Expose the data as a web service. It's already on the web server...
2 - Build a web app instead of a desktop app.

User facing an issue with MS Access

Currently the user is connecting to both the TEST and PROD instances using MS Access, and everything goes well when using the ABC user. Now the user is having problems with the APPS user in TEST.
Also, the user is having the same problem with user XYZ in the PROD instance. This user has the ‘SELECT ANY TABLE’ privilege, so it should be able to see the tables, but it doesn’t work from MS Access.
Please advise.
If you're able to connect via a SQL connection (I'm assuming ODBC) then you'll be using a predefined set of credentials (i.e. you'll be passing a username and password to Access; probably through the connection string).
Chances are that if your user is unable to get into the database directly, their network (AD?) account is not configured with the same elevated privileges that the ODBC connection has.