Secure access to the SQLDataGrid
- Last Updated: Jul 19, 2024
The SQL Data Grid is a powerful tool that allows InTouch WindowViewer to connect to various SQL databases. It allows reading as well as modifying SQL databases, including their data, tables, table schemas, and stored procedures. Given this, it is important that the SQLDataGrid and any SQL database(s) it will access are configured securely.
Security best practices
- Grant each user the least privileges required within each SQL database

  Grant users in the SQL database the least privileges required to accomplish their job. This can include limiting their access to specific databases as well as preventing modification of the database. A user should only have the privileges needed to perform their required actions; in the SQLDataGrid, the user will only be able to perform the actions their role allows. For SQL authentication and Windows impersonation, this is the user whose credentials have been provided to the SQLDataGrid. For Windows integrated authentication, this is the currently logged-on user.
- Consider granting users read-only access within each SQL database

  Grant users read-only access in the SQL database when possible. This prevents unwanted modification of the database. The SQLDataGrid can operate with a user who has read-only privilege and will then only allow the user to retrieve and view data.
- Configure SQLDataGrid to use Windows Integrated Authentication

  Configuring the SQLDataGrid to use Windows integrated authentication helps to secure your application. Using SQL authentication or Windows impersonation requires storing user credentials and increases the attack surface of the application. With Windows Integrated Security, the SQLDataGrid connects to the SQL database in the context of the currently logged-on Windows OS user, so no credentials need to be stored.
- Be aware of what SQLDataGrid can do

  As an application developer/maintainer, it is your responsibility to be fully aware that the SQLDataGrid is not a read-only control: it allows users to execute full SQL statements on the database, including UPDATE, CREATE, DROP, etc. There is a real risk in using the SQLDataGrid if it, or the SQL database it accesses, is not configured securely.
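The least-privilege, read-only and Windows-integrated-authentication practices above, as one added T-SQL example that is not part of this page or of the InTouch product; it assumes Microsoft SQL Server and made-up names (the CONTOSO\InTouchViewers Windows group, the PlantHistory database and its reporting schema).

```sql
-- Added example, not from the AVEVA page. Assumes Microsoft SQL Server and
-- made-up names:
--   CONTOSO\InTouchViewers : Windows group of operators running WindowViewer
--   PlantHistory           : database the grid reads from
--   reporting              : schema holding the tables/views the grid displays
USE master;
GO
-- Windows-authenticated login: no password is stored in the InTouch
-- application, so there are no credentials for the grid to keep.
CREATE LOGIN [CONTOSO\InTouchViewers] FROM WINDOWS
    WITH DEFAULT_DATABASE = PlantHistory;
GO
USE PlantHistory;
GO
CREATE USER [CONTOSO\InTouchViewers] FOR LOGIN [CONTOSO\InTouchViewers];
GO
-- Read-only: SELECT on the one schema the grid needs, nothing else.
GRANT SELECT ON SCHEMA::reporting TO [CONTOSO\InTouchViewers];
-- Explicit DENY on the data-modifying and DDL statements the grid can
-- otherwise issue. DENY overrides any GRANT the principal later inherits
-- (e.g. from a role such as db_datawriter), so the server rejects an
-- UPDATE or DROP typed into the grid regardless of group membership.
-- If operators need a specific read-only stored procedure, grant EXECUTE
-- on that one object instead of relaxing the database-wide DENY.
DENY INSERT, UPDATE, DELETE ON SCHEMA::reporting TO [CONTOSO\InTouchViewers];
DENY ALTER, CREATE TABLE, CREATE PROCEDURE, EXECUTE TO [CONTOSO\InTouchViewers];
GO
-- Verification: list the permission entries recorded for the principal.
-- Expected: GRANT CONNECT and GRANT SELECT, and DENY rows for the rest.
SELECT pe.state_desc, pe.permission_name, pe.class_desc
FROM sys.database_permissions AS pe
JOIN sys.database_principals AS pr
    ON pr.principal_id = pe.grantee_principal_id
WHERE pr.name = 'CONTOSO\InTouchViewers'
ORDER BY pe.state_desc, pe.permission_name;
GO
```

Run the script as a sysadmin once per database the grid will reach; the final query is what an auditor can re-run later to confirm the grid's principal is still read-only.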