Q. How can I restrict access to my SQL Server so that it only allows certain machines to connect?
A. SQL Server has no built-in tools or facilities to do this. It also has no facility to run a stored procedure on connection that could be written or used to do this. Therefore you have the following choices:
1. Put the SQL Server behind a firewall and use that to restrict access. This is the most secure and functional way to do what you want.
2. Write your own ODS Gateway and point the clients at that instead of the SQL Server; the ODS Gateway will then do the checking. However, there is nothing stopping clients from figuring out the correct SQL client-config entries to point straight at the SQL Server. There are examples of ODS code in the SQL Programmers Toolkit, available for free download from the MS website.
3. Write a constantly running or scheduled stored procedure that checks the relevant column in sysprocesses (net_address), and then issues a KILL command for any processes that should not be running. Note that this only works for MAC addresses. This approach allows people to connect and possibly make changes before they are spotted and killed.
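One way to implement option 3, as an added example that is not part of the original FAQ. The table `allowed_clients` and the procedure `kill_unlisted_clients` are hypothetical names, the MAC value is a constructed sample, and treating blank or all-zero `net_address` rows as system or local connections is an assumption.

```sql
-- Added example: hypothetical allowlist of permitted client MAC addresses,
-- stored as 12 hex digits to match master..sysprocesses.net_address.
CREATE TABLE dbo.allowed_clients (
    net_address CHAR(12)    NOT NULL PRIMARY KEY,
    note        VARCHAR(60) NULL
)
GO
INSERT INTO dbo.allowed_clients (net_address, note)
VALUES ('00A0C9112233', 'constructed sample value')
GO

CREATE PROCEDURE dbo.kill_unlisted_clients
AS
BEGIN
    DECLARE @spid INT, @cmd VARCHAR(30)

    -- INSENSITIVE takes a snapshot, so killing sessions does not
    -- disturb the rows we are iterating over.
    DECLARE unlisted INSENSITIVE CURSOR FOR
        SELECT p.spid
        FROM master..sysprocesses p
        WHERE p.spid <> @@SPID                              -- never kill ourselves
          AND p.net_address NOT IN ('', '000000000000')     -- assumption: system/local
          AND NOT EXISTS (SELECT *
                          FROM dbo.allowed_clients a
                          WHERE a.net_address = p.net_address)

    OPEN unlisted
    FETCH NEXT FROM unlisted INTO @spid
    WHILE @@FETCH_STATUS = 0
    BEGIN
        -- KILL accepts only a literal spid, so build the statement dynamically.
        -- The caller needs permission to run KILL (e.g. sysadmin).
        SELECT @cmd = 'KILL ' + CONVERT(VARCHAR(10), @spid)
        EXEC (@cmd)
        FETCH NEXT FROM unlisted INTO @spid
    END

    CLOSE unlisted
    DEALLOCATE unlisted
END
GO
```

Run the procedure from a scheduled job; the schedule interval is the window in which an unlisted client can connect and make changes before being killed.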