I see many questions on how to access SQL from Excel. I'm trying to do the opposite. We have a few purchased applications that use SQL as the database engine. With the capabilities in Excel 2007 making it so easy to connect to the SQL server, we
see this as a security issue. We don't want our users to be able to access the database tables through any other methods besides through the application interface (a thick client in one instance and a web-based app in another). How can this be prevented? We
are using AD for authentication and authorization and SQL 2000. Our DBA doesn't think this can be prevented. I'm the secuity guy and I'm responsible for data integrity. Are application roles a possibility? I understand they're difficult to maintian. From what
I understand, this would allow the application to submit credentials to SQL without relying on AD credentials for individual users. Can SSL be used to encrypt the communications on both the thick and IIS applications?
Thanks in Advance
View Complete Post