I have an MS-Access 2007 front end. I will have multiple users on it. They are all going to be on the network company domain. Should I be using Windows authentication or SQL Server authentication to be connecting to SQL Server 2008 via ODBC?
我有一个MS-Access 2007前端。我会有多个用户。他们都将成为网络公司的域名。我是否应该使用Windows身份验证或SQL Server身份验证通过ODBC连接到SQL Server 2008?
5 个解决方案
#1
6
Windows auth will allow a more seamless authentication process, single sign on!
Windows身份验证将允许更加无缝的身份验证过程,单点登录!
From the below article:
从下面的文章:
Disadvantages of SQL Server Authentication
SQL Server身份验证的缺点
- If a user is a Windows domain user who has a login and password for Windows, he must still provide another (SQL Server) login and password to connect. Keeping track of multiple names and passwords is difficult for many users. Having to provide SQL Server credentials every time that one connects to the database can be annoying.
- 如果用户是具有Windows登录名和密码的Windows域用户,则他仍必须提供另一个(SQL Server)登录名和密码才能进行连接。许多用户很难跟踪多个名称和密码。每次连接到数据库时必须提供SQL Server凭据可能很烦人。
- SQL Server Authentication cannot use Kerberos security protocol.
- SQL Server身份验证无法使用Kerberos安全协议。
- Windows offers additional password policies that are not available for SQL Server logins.
- Windows提供了SQL Server登录不可用的其他密码策略。
Advantages of SQL Server Authentication
SQL Server身份验证的优点
- Allows SQL Server to support older applications and applications provided by third parties that require SQL Server Authentication.
- 允许SQL Server支持需要SQL Server身份验证的第三方提供的旧应用程序和应用程序。
- Allows SQL Server to support environments with mixed operating systems, where all users are not authenticated by a Windows domain.
- 允许SQL Server支持具有混合操作系统的环境,其中所有用户均未通过Windows域进行身份验证。
- Allows users to connect from unknown or untrusted domains. For instance, an application where established customers connect with assigned SQL Server logins to receive the status of their orders.
- 允许用户从未知或不受信任的域进行连接。例如,已建立客户与指定的SQL Server登录连接以接收其订单状态的应用程序。
- Allows SQL Server to support Web-based applications where users create their own identities.
- 允许SQL Server支持用户创建自己的身份的基于Web的应用程序。
- Allows software developers to distribute their applications by using a complex permission hierarchy based on known, preset SQL Server logins.
- 允许软件开发人员使用基于已知预设SQL Server登录的复杂权限层次结构来分发其应用程序。
Here is a good article on the pro's/con's for each. http://technet.microsoft.com/en-us/library/ms144284.aspx
这是关于每个人的赞成/反对意见的好文章。 http://technet.microsoft.com/en-us/library/ms144284.aspx
#2
2
Dustin hit on a good list of pros/cons. I know nobody wants to make a decision like this for you, but based on your criteria (multiple users, all on company domain); I can't think of a single reason to use SQL Server Authentication instead of Windows Authentication. It was designed primarily for scenarios like this.
达斯汀打出了一系列利弊。我知道没有人愿意为你做出这样的决定,但要根据你的标准(多个用户,所有公司域名);我想不出使用SQL Server身份验证而不是Windows身份验证的单一原因。它主要是为这样的场景设计的。
#3
2
If you have a Domain, and Active Directory, you should not even think of something else than Windows Authentication .... not a single second!
如果你有一个域和Active Directory,你甚至不应该想到除了Windows身份验证之外的其他东西......不是一秒钟!
#4
1
Like many things when it comes to security implementations what you should do depends on your goals.
与安全实施方面的许多事情一样,您应该做的事情取决于您的目标。
I am not sure from your question if you intend to pass each user's credentials to SQL Server or if you plan on having a single login using either Windows Authentication or SQL Server Authentication. If you choose the later option SQL Server Authentication is probably the way to go as it limits network accounts. If you choose the former Windows Authentication is probably better for your users as it provides single sign on.
我不确定您的问题是否打算将每个用户的凭据传递给SQL Server,或者您计划使用Windows身份验证还是SQL Server身份验证进行单次登录。如果选择后面的选项,SQL Server身份验证可能是限制网络帐户的方法。如果您选择以前的Windows身份验证可能更适合您的用户,因为它提供单点登录。
As an aside my personal preference is to have each application use its own set of credentials for database interaction. This limits users to only having the privileges provided to them by the application. In this manner your users needn't worry about authenticating to the database as your application will take care of that for them.
另外,我个人的偏好是让每个应用程序使用自己的一组凭据进行数据库交互。这限制了用户仅具有应用程序提供给他们的权限。通过这种方式,您的用户无需担心对数据库进行身份验证,因为您的应用程序将为他们处理这些问题。
#5
1
Seeing as you have a desktop front end that is connecting directly to database...your best option is to go with windows auth. Keep in mind by doing this, the user can bypass the frontend and access the database directly. You'll need to grant them the minimum db permissions required. Also, you'll want to use a AD security group instead of adding each user.
看到你有一个直接连接到数据库的桌面前端...你最好的选择是使用Windows身份验证。请记住,通过这样做,用户可以绕过前端并直接访问数据库。您需要向他们授予所需的最小数据库权限。此外,您还希望使用AD安全组而不是添加每个用户。
Sql auth is best for when you control the config file...for example a web app.
当您控制配置文件时,Sql auth最适合...例如Web应用程序。
#1
6
Windows auth will allow a more seamless authentication process, single sign on!
Windows身份验证将允许更加无缝的身份验证过程,单点登录!
From the below article:
从下面的文章:
Disadvantages of SQL Server Authentication
SQL Server身份验证的缺点
- If a user is a Windows domain user who has a login and password for Windows, he must still provide another (SQL Server) login and password to connect. Keeping track of multiple names and passwords is difficult for many users. Having to provide SQL Server credentials every time that one connects to the database can be annoying.
- 如果用户是具有Windows登录名和密码的Windows域用户,则他仍必须提供另一个(SQL Server)登录名和密码才能进行连接。许多用户很难跟踪多个名称和密码。每次连接到数据库时必须提供SQL Server凭据可能很烦人。
- SQL Server Authentication cannot use Kerberos security protocol.
- SQL Server身份验证无法使用Kerberos安全协议。
- Windows offers additional password policies that are not available for SQL Server logins.
- Windows提供了SQL Server登录不可用的其他密码策略。
Advantages of SQL Server Authentication
SQL Server身份验证的优点
- Allows SQL Server to support older applications and applications provided by third parties that require SQL Server Authentication.
- 允许SQL Server支持需要SQL Server身份验证的第三方提供的旧应用程序和应用程序。
- Allows SQL Server to support environments with mixed operating systems, where all users are not authenticated by a Windows domain.
- 允许SQL Server支持具有混合操作系统的环境,其中所有用户均未通过Windows域进行身份验证。
- Allows users to connect from unknown or untrusted domains. For instance, an application where established customers connect with assigned SQL Server logins to receive the status of their orders.
- 允许用户从未知或不受信任的域进行连接。例如,已建立客户与指定的SQL Server登录连接以接收其订单状态的应用程序。
- Allows SQL Server to support Web-based applications where users create their own identities.
- 允许SQL Server支持用户创建自己的身份的基于Web的应用程序。
- Allows software developers to distribute their applications by using a complex permission hierarchy based on known, preset SQL Server logins.
- 允许软件开发人员使用基于已知预设SQL Server登录的复杂权限层次结构来分发其应用程序。
Here is a good article on the pro's/con's for each. http://technet.microsoft.com/en-us/library/ms144284.aspx
这是关于每个人的赞成/反对意见的好文章。 http://technet.microsoft.com/en-us/library/ms144284.aspx
#2
2
Dustin hit on a good list of pros/cons. I know nobody wants to make a decision like this for you, but based on your criteria (multiple users, all on company domain); I can't think of a single reason to use SQL Server Authentication instead of Windows Authentication. It was designed primarily for scenarios like this.
达斯汀打出了一系列利弊。我知道没有人愿意为你做出这样的决定,但要根据你的标准(多个用户,所有公司域名);我想不出使用SQL Server身份验证而不是Windows身份验证的单一原因。它主要是为这样的场景设计的。
#3
2
If you have a Domain, and Active Directory, you should not even think of something else than Windows Authentication .... not a single second!
如果你有一个域和Active Directory,你甚至不应该想到除了Windows身份验证之外的其他东西......不是一秒钟!
#4
1
Like many things when it comes to security implementations what you should do depends on your goals.
与安全实施方面的许多事情一样,您应该做的事情取决于您的目标。
I am not sure from your question if you intend to pass each user's credentials to SQL Server or if you plan on having a single login using either Windows Authentication or SQL Server Authentication. If you choose the later option SQL Server Authentication is probably the way to go as it limits network accounts. If you choose the former Windows Authentication is probably better for your users as it provides single sign on.
我不确定您的问题是否打算将每个用户的凭据传递给SQL Server,或者您计划使用Windows身份验证还是SQL Server身份验证进行单次登录。如果选择后面的选项,SQL Server身份验证可能是限制网络帐户的方法。如果您选择以前的Windows身份验证可能更适合您的用户,因为它提供单点登录。
As an aside my personal preference is to have each application use its own set of credentials for database interaction. This limits users to only having the privileges provided to them by the application. In this manner your users needn't worry about authenticating to the database as your application will take care of that for them.
另外,我个人的偏好是让每个应用程序使用自己的一组凭据进行数据库交互。这限制了用户仅具有应用程序提供给他们的权限。通过这种方式,您的用户无需担心对数据库进行身份验证,因为您的应用程序将为他们处理这些问题。
#5
1
Seeing as you have a desktop front end that is connecting directly to database...your best option is to go with windows auth. Keep in mind by doing this, the user can bypass the frontend and access the database directly. You'll need to grant them the minimum db permissions required. Also, you'll want to use a AD security group instead of adding each user.
看到你有一个直接连接到数据库的桌面前端...你最好的选择是使用Windows身份验证。请记住,通过这样做,用户可以绕过前端并直接访问数据库。您需要向他们授予所需的最小数据库权限。此外,您还希望使用AD安全组而不是添加每个用户。
Sql auth is best for when you control the config file...for example a web app.
当您控制配置文件时,Sql auth最适合...例如Web应用程序。