pripojeni MS SQL z linuxu

Korinek, Jan Jan.Korinek na hp.com
Čtvrtek Červenec 11 13:04:24 CEST 2002


Chvíli jsme hledal na netu a našel tohle:

New Security Features of SQL Server 7.0 
Security Modes
Microsoft SQL Server 7.0 provides two modes for securing access to the server: Windows NT Authentication Mode and Mixed Mode. 
In Windows NT Authentication Mode, Microsoft SQL Server 7.0 relies solely on the Windows NT authentication of the user. Windows NT users or groups are then granted access to the SQL Server. In Mixed Mode, users may be authenticated by Windows NT or by SQL Server. Users that are authenticated by SQL Server have their username and password pairs maintained within the SQL Server.1 
The standard mode of SQL Server 6.5 and earlier has been discontinued. The practical relevance of this is that SQL Server 7.0 will always allow Windows NT-based logons to take place. 
Windows NT Authentication Mode
This security mode allows SQL Server 7.0 to rely on Windows NT to authenticate users in much the same way as other applications. Connections made to the server using this mode are known as trusted connections. 
When Windows NT Authentication Mode is used, the database administrator allows users to access the computer running SQL Server by granting them the right to log in to SQL Server 7.0. Windows NT security identifiers (SIDs) are used to track Windows NT authenticated logons. As Windows NT SIDs are used, the database administrator can grant logon access directly to Windows NT users or groups. 
Mixed Mode
In SQL Server 7.0, Mixed Mode relies on Windows NT to authenticate users when the client and server are capable of using NTLM2, or Kerberos logon authentication protocols. If either party is incapable of using a standard Windows NT logon, SQL Server requires a username and password pair, and compares this pair against those stored in its system tables. Connections that rely on username and password pairs are called non-trusted. 
Mixed mode is supplied for two reasons: backward compatibility and when SQL Server 7.0 is installed on the Microsoft Windows(r) 95 and Windows 98 operating systems, as trusted connections are not supported on Windows 95/98 computers when they are the "Server." 
Using SIDs Internally
One of the major enhancements of SQL Server 7.0 is that it now uses security identification numbers (SIDs) internally. Windows NT users and groups can be granted access to databases or specific database objects directly. For example, Jane is a member of the SALES and MARKETING groups in Windows NT. The SALES group has been granted permission to log in to SQL Server, and also to access the pubs database. An administrator could grant access to the authors table for Jane by her Windows NT name, REDMOND\Jane. The Windows NT account must be referenced by domain and username. In this case, Jane's SID would be stored in the system tables of the pubs database. 

A podle toho by se server skutečně mohl chovat jinak při NTLM a user/password autentizaci.

Honza

-----Original Message-----
From: Honza Pazdziora [mailto:adelton na fi.muni.cz] 
Sent: Thursday, July 11, 2002 12:08 PM
To: databases na linux.cz
Subject: Re: pripojeni MS SQL z linuxu


On Thu, 11 Jul 2002 08:21:56 +0000 (UTC), Korinek, Jan <Jan.Korinek na hp.com> wrote:
> Mohu potvrdit funkčnost. Já se takto připojoval z PHP na Linuxu na MS 
> SQL server 7.0. V zásadě bez problémů a několikanásobně vyšší výkon 
> proti ODBC. Navíc více možností z hlediska využití služeb serveru. 
> Přes ODBC jsem třeba nebyl schopen zavolat SQL proceduru.

Je tam (v MS SQL) nejaka zaludnost, ktera by zpusobovala, ze kdyz pri logovani klient posle heslo jako clear text, tak ze se pak ten MS SQL server chova k tomu klientovi jinak nez kdyz nalogovani probehne challenge - response zpusobem?

Mam ted problem, ze na nekterych Windows (2k, NT) mi spojeni na MS SQL server funguje a na jinych (ME) je mozne se k tomu samemu serveru pripojit, ale pokus o select z uzivatelske tabulky rika SELECT permission denied on object (chyba tusim 219). Prisel jsem na to tak, ze jsem puvodne pouzil FreeTDS, ze ktereho ty selecty padaly (byt connect projde), a ted uz jsem se posunul do stavu, kdy mi selecty padaji i na Windows.

Diky,

-- 
------------------------------------------------------------------------
 Honza Pazdziora | adelton na fi.muni.cz | http://www.fi.muni.cz/~adelton/
 .project: Perl, mod_perl, DBI, Oracle, auth. WWW servers, XML/XSL, ...
------------------------------------------------------------------------


Další informace o konferenci Databases