胖客户端访问的安全 SQL Server
有没有办法保护胖客户端访问的 SQL Server 数据库的安全?含义:应用程序在放置 sql 语句时直接与数据库通信。这意味着,连接字符串必须位于客户端的某个位置。使用此连接字符串(使用 winauth 或 sql server 身份验证),任何用户都可以使用某些 Management Studio 或命令行访问数据库,并向数据库放置与 GUI 允许的不同的语句。
对此该怎么办?我无法在客户端和数据库之间放置另一层,因为此架构已修复。
Is there a way to secure a sql server database which is accessed by a fat client? Meaning: The application communicates directly with the database as it places sql statements itself. That means, the connection string has to be somewhere on the client. Using this connection string (either with winauth or sql server authentication) any user can access the db using some management studio or command line and place different statements to the db than the GUI would let him.
What to do about that? I cannot place another layer between the client and the database as this architecture is fix.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
这就是 SQL Server 权限的用途。
您可以执行一些操作,例如向用户授予对视图或存储过程的权限,而不向用户授予对基础表的权限。
您可能想查看应用程序角色
http://msdn.microsoft.com/ en-us/library/ms190998.aspx
http://www.sqlservercentral.com/articles/Security/sqlserversecurityprosandconsofapplicationroles/1116/" sqlservercentral.com/articles/Security/sqlserversecurityprosandconsofapplicationroles/1116/
That is what SQL Server permissions are for.
You can do things like give permissions to a user on a View or Stored Procedure without giving the user permissions to the underlying tables.
You might want to look into Application Roles
http://msdn.microsoft.com/en-us/library/ms190998.aspx
http://www.sqlservercentral.com/articles/Security/sqlserversecurityprosandconsofapplicationroles/1116/
在所有安全模型(包括 Windows 和 SQL 身份验证)中,访问权限均授予用户(身份),而不是应用程序。因此,应用程序所需的任何访问权限必须授予运行该应用程序的用户。当使用 Windows 身份验证时,这意味着同一用户可以通过 SSMS 查询利用应用程序本身所需的所有权限。这是任何管理员都必须理解的基本规则。从安全的角度来看(意味着诸如 CC 合规性等),这是事实,任何规避它的尝试都是注定要失败的。
但从实际角度来看,有一些措施是可以采取的。最常用的一种是使用登录触发器来验证
APP_NAME()并允许访问SSMS 仅来自一组明确定义的客户端工作站,并且适用于一组明确定义的用户。重要的是要了解此类机制不是安全功能,因为它们很容易被恶意用户规避。它们更像是门锁:它们不能阻止小偷,而是让诚实的用户保持诚实。
In all security models, including Windows and SQL Authentication, access rights are granted to an user (an identity), not to an application. therefore, any access right needed by the application must be granted to the user running the application. When Windows authentication is used this means that the same user can leverage all the privileges needed by the application himself, from an SSMS query. This is a fundamental rule any administrator must understand. From a security point of view (meaning things like CC compliance and such) this is a fact and any attempt to circumvent it is doomed.
But from a practical point of view, there are certain measures that can be deployed. The most commonly used one is to use a logon trigger that validates the
APP_NAME()and allows access for SSMS only from a well defined set of client workstations, and for a well defined set of users.What is important to understand that such mechanisms are NOT security features, as they can be easily circumvented by a malevolent user. They are more like door locks: they don't keep thieves out, they keep honest users honest.
首先也是最重要的 SQL 注入漏洞的全部要点是攻击者能够操纵查询。这个有目的的协议是一个更严重的漏洞。但不仅如此,这也明显违反了 CWE-602:客户端执行服务器端安全性和CWE-603:使用客户端身份验证< /a>.
为了确保安全,您必须执行以下操作:
每个用户还必须拥有自己的锁定数据库。因为他们只有选择/更新/删除/插入,没有其他权限(尤其不是 xp_cmdshell()!!!!!)。您不能允许用户共享数据库,否则攻击者将能够查看其他用户的信息。攻击者始终能够获取 sql 服务器的用户名/密码,并能够直接与自己的客户端连接。很难认为这种关系是安全的,几乎在所有情况下,这都是巨大的脆弱性。
实际上,这是一个非常严重的架构缺陷,您必须构建一个服务器端组件来为客户端构建需求。这通常使用 SOAP(针对 ms 平台的 wcf)来完成。
First and foremost the whole point of a SQL Injection vulnerability is that the attacker is able to manipulate queries. This purposed protocol is an even worse vulnerability. But not only that this is also a clear violation of CWE-602: Client-Side Enforcement of Server-Side Security and CWE-603: Use of Client-Side Authentication.
In order to make this secure you must do the following:
Each user must also have their own locked down database. As in they only have select/update/delete/insert and no other privileges (especially not xp_cmdshell()!!!!). You cannot allow users share a database, or an attacker will be able to view other users information. An attacker will always be able to obtain the username/password for the sql server and be able to connect directly with his own client. Its hard to think of this relationship as being secure, in almost all cases this is massive vulnerability.
In all reality this is a very serious architectural flaw and you must build a server side component that builds quires for the client. This is usually done with SOAP (wcf for ms platforms).