Liz Doering
lizd1 at charter.net
Sat Nov 11 13:16:32 CST 2006
Dear SQL Server List,

It is no doubt due to lurking on this list that I have now landed myself in the kettle of soup I'm in. Two weeks ago, I was an all-Access developer at a tiny almost-all-Access shop. Now I am the SQL Server DBA on a new project internal to Wells Fargo. That I was able to stumble through the interview satisfactorily was due to you folks having put enough concepts in my head so that I could avoid sounding like a complete idiot. Of course, now that I've been on the job for a week, the veneer of knowledge is looking thinner and thinner, and the number of questions I can't answer is growing daily.

Here's the most recent poser: They're using SmallTalk for this project, which is actually a major extension of another application which has been in use for 10+ years. They are devoted to using Windows authentication. The developers would like SmallTalk to be able to run SQL statements directly from their code; however, they can only do that if the logged-in user has such rights. Which raises the specter of a savvy user running random SQL statements directly against the database. The solution has been to disallow running any "unapproved" SQL statements by requiring that only sprocs can be run, but the development team isn't happy with that solution, so they are asking me for alternatives.

I'm getting more confused as I write this, so I'll guarantee you that there are questions I don't know enough to ask. Can you recommend some reading for me? Do any of you have any specific ideas for this problem?

Thanks so much! Hopefully I'll be wise enough to contribute here eventually!

Liz
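
The stored-procedure-only restriction described in the post, sketched in T-SQL as an added example that is not part of the original message or the project's code. Every object, role and user name is hypothetical, and a user created without a login stands in for a Windows-authenticated account.

```sql
-- Constructed example: table, procedure, role and user names are hypothetical.
CREATE TABLE dbo.Orders (
    OrderID      int PRIMARY KEY,
    CustomerName nvarchar(100),
    Amount       money
);
INSERT INTO dbo.Orders (OrderID, CustomerName, Amount)
VALUES (1, N'Constructed Customer', 10.00);
GO

-- The only approved path to the data. The parameter is typed and the body
-- contains no dynamic SQL, so callers cannot alter the statement that runs.
CREATE PROCEDURE dbo.GetOrder
    @OrderID int
AS
    SELECT OrderID, CustomerName, Amount
    FROM dbo.Orders
    WHERE OrderID = @OrderID;
GO

-- Stand-in for a Windows-authenticated user. With real Windows authentication
-- this would be CREATE USER ... FOR LOGIN [DOMAIN\SomeGroup] (placeholder name).
CREATE USER AppUserDemo WITHOUT LOGIN;
CREATE ROLE AppProcOnly;
EXEC sp_addrolemember N'AppProcOnly', N'AppUserDemo';

-- The role may execute the procedure; no permission on the table is granted.
GRANT EXECUTE ON OBJECT::dbo.GetOrder TO AppProcOnly;
GO

-- Check the effective permissions while impersonating the restricted user.
EXECUTE AS USER = N'AppUserDemo';

SELECT
    HAS_PERMS_BY_NAME(N'dbo.GetOrder', N'OBJECT', N'EXECUTE') AS CanExecProc,
    HAS_PERMS_BY_NAME(N'dbo.Orders',   N'OBJECT', N'SELECT')  AS CanSelectTable,
    HAS_PERMS_BY_NAME(N'dbo.Orders',   N'OBJECT', N'DELETE')  AS CanDeleteTable;

-- The approved call path: the procedure reads the table on the caller's behalf.
EXEC dbo.GetOrder @OrderID = 1;

REVERT;
GO
```

The procedure can read the table without a table grant because dbo owns both objects (ownership chaining); dynamic SQL inside a procedure breaks that chain and is checked against the caller's own rights. Membership in a role such as db_datareader would give the user direct table access again, so role membership needs auditing alongside the grants.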