This is basic security advice, but a surprising number of
developers embed the SQL Server system administrator (sa) account credentials
within their application connection strings. This leads to two major issues.
· The account credentials are visible to anyone who has access to
  the application's source code.
· Should the website be compromised, the malicious user may be able
  to delete tables, drop databases and do all manner of other
  undesirable things.

It is, therefore, highly recommended that a new SQL Server
user account be created for the Internet user. This user should only be given
access to the objects they are going to need to access. If they only need read
access to a table, for example, then they should only be given SELECT
permission and not INSERT, UPDATE or DELETE permission.
The use of stored procedures is highly recommended as a
means of improving security because then the user only needs to be given EXEC
permissions on the stored procedures they need to use.
Alternatively, it is possible to use Windows authentication
for the SQL Server access, in which case, for applications using anonymous
access, the IUSR_machinename account could be configured as a SQL Server user
and given the minimum level of object access.
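
The T-SQL below is an added example, not code from the original article. It applies the advice above end to end: a dedicated login in place of sa, SELECT on one table, EXEC on one stored procedure, then an audit of what the account can actually do. The database, table, procedure and login names are hypothetical, the password is a placeholder, and the GO separators assume sqlcmd or SSMS.

```sql
-- Added example; all object and account names below are hypothetical.
CREATE DATABASE LeastPrivDemo;
GO
USE LeastPrivDemo;
GO
CREATE TABLE dbo.Products (ProductId int PRIMARY KEY, Name nvarchar(100) NOT NULL);
CREATE TABLE dbo.Orders (OrderId int IDENTITY PRIMARY KEY, ProductId int NOT NULL, Qty int NOT NULL);
GO
-- Writes happen only through this procedure, never through direct table access.
CREATE PROCEDURE dbo.usp_PlaceOrder @ProductId int, @Qty int
AS
BEGIN
    SET NOCOUNT ON;
    INSERT INTO dbo.Orders (ProductId, Qty) VALUES (@ProductId, @Qty);
END;
GO
-- Dedicated login for the web application, used in place of sa.
-- The password is a placeholder and must be replaced before running.
CREATE LOGIN WebAppUser WITH PASSWORD = N'<replace-with-generated-password>';
-- Windows authentication alternative for anonymous-access sites:
-- CREATE LOGIN [machinename\IUSR_machinename] FROM WINDOWS;
GO
CREATE USER WebAppUser FOR LOGIN WebAppUser;
GO
-- Read-only access to the one table the site displays.
GRANT SELECT ON OBJECT::dbo.Products TO WebAppUser;
-- EXEC on the procedure; no INSERT/UPDATE/DELETE on dbo.Orders is granted.
GRANT EXECUTE ON OBJECT::dbo.usp_PlaceOrder TO WebAppUser;
GO
-- Audit: list every permission the account holds in this database.
SELECT pr.name AS principal_name, pe.state_desc, pe.permission_name,
       OBJECT_NAME(pe.major_id) AS object_name
FROM sys.database_permissions AS pe
JOIN sys.database_principals AS pr ON pr.principal_id = pe.grantee_principal_id
WHERE pr.name = N'WebAppUser';
GO
-- Check effective rights while impersonating the account.
EXECUTE AS USER = 'WebAppUser';
SELECT HAS_PERMS_BY_NAME('dbo.Products', 'OBJECT', 'SELECT') AS can_select_products,
       HAS_PERMS_BY_NAME('dbo.Products', 'OBJECT', 'DELETE') AS can_delete_products,
       HAS_PERMS_BY_NAME('dbo.Orders', 'OBJECT', 'INSERT') AS can_insert_orders_directly,
       HAS_PERMS_BY_NAME('dbo.usp_PlaceOrder', 'OBJECT', 'EXECUTE') AS can_exec_place_order;
REVERT;
```

The procedure can insert into dbo.Orders on the caller's behalf because both objects are owned by dbo, so the account needs no direct permission on the table.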