We have an application that uses Windows authentication to authenticate users with a database, and SQL Server user accounts must have some read / write access to the database tables.
The problem is that users can then install SQL Server Management Studio and potentially use the database so that it is not used, but that’s not what I want.
All that I read suggests that using integrated authentication is more secure, but at the moment, any user can use Management Studio or Access / Excel only to connect to the database.
I read the question SQL Server Authentication or Integrated Security? which offers some workarounds, but I don’t have the ability to change the application as dramatically as refactoring all stored procedures, etc., so I was hoping there might be another option?
Thank,
Nico
source
share