We have a .NET 2.0 winforms app that connects to a SQL Server 2005

Question

0

Asked: May 22, 20262026-05-22T11:46:12+00:00 2026-05-22T11:46:12+00:00

We have a .NET 2.0 winforms app that connects to a SQL Server 2005

0

We have a .NET 2.0 winforms app that connects to a SQL Server 2005 database using Windows Authentication. All the database modifications are done using stored procedures which are called from the app. This works fine and users are only permitted to do things that their role permits.

However, it has occurred to us that any user with permission to use the app could theoretically fire up MS Access and connect to the database using ODBC and modify any record they wish on the database.

We have created a Security Group in Active Directory, made this a login in SQL Server and then made this a user in the database with the correct rights to be able to use the app. Other domain users are blocked using db_denydatareader and db_denydatawriter.

How do we go about locking this down so modifications via Access etc. are not possible, whilst the application still functions correctly from the desktop .NET app?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-22T11:46:13+00:00

Editorial Team

2026-05-22T11:46:13+00:00Added an answer on May 22, 2026 at 11:46 am

SQL server allows you to assign execute permissions to individual stored procedures. If all allowed updates are through your stored procedures, add execute permissions to these, and remove data-writer privileges.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

We have a .NET 2.0 winforms app that connects to a SQL Server 2005

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply