User and permission configuration in SQL Server database to ensure database security
2022-06-13 03:38:00 【Chaos scar】
Recently a friend's website was attacked through a rather old-fashioned SQL injection vulnerability. While helping to repair it, I found that the web application connected to the database as the super administrator account sa. One of the measures that improves both data security and server security is to reduce the permissions of the web application's database user, so I reviewed SQL Server database users and security policies and summarize them here.
I. Database login types
Open the database client tool. For the server name, "." represents the local computer; the drop-down list also contains an entry equal to the local host name, which likewise connects to the local server. To connect to a remote server, enter its IP address here, as in the picture below.
1) Authentication: the authentication drop-down offers two ways to log in, "Windows Authentication" and "SQL Server Authentication". This is the login account.
"Windows Authentication": suitable for the Windows platform; no password is entered because verification is integrated with Windows.
"SQL Server Authentication": suitable for users on non-Windows platforms or Internet users; a login name and password must be supplied. The account sa belongs to this type and is the super administrator login.
2) The sa login account
sa is a super login account. Once logged in with it you can see every database on the database server and every table in each database, and you hold all permissions to administer the server. Because of this account's special status, using it is extremely unsafe for database security: every database and table is visible and can be added, deleted and modified. Therefore, in program development, a new login account must be added, the corresponding database user created, and different permissions set for each database user, to protect the database and its data.
The rest of this article explains how to create a login account, create database users, and grant permissions to database users.
II. Adding and deleting login accounts
1) Adding a login account
1. Create a Windows login account. Syntax: exec sp_grantlogin 'login account'
use master
go
exec sp_grantlogin 'AY140317181605Z\jjlm'
-- AY140317181605Z is the name of the local machine and jjlm a user account on that computer. The account is added through "Computer Management" > "Local Users and Groups", where its operating permissions on this computer are also set
2. Create a SQL Server login account. Syntax: exec sp_addlogin 'login account', 'password'
use master
go
exec sp_addlogin 'jjlm','123456'
After the code executes, both login accounts appear in the database client. The figure below shows only the second account; the first had already been deleted, so it is not displayed.
2) Deleting a login account. Syntax: exec sp_droplogin 'login account'
use master
go
exec sp_droplogin 'AY140317181605Z\jjlm'
After logging in to the SQL Server client with the newly created login (no database user or permissions have been added for it yet), clicking a database makes the SQL Server client report the prompt shown below.
Also, the content of [Security] > [Logins] differs from what the sa account sees: only 'sa' and the newly created 'jjlm' login are listed.
Note:
When you log in to the client with the newly created login and no database user has been set up for it, you can only see the databases listed; you cannot open a database, view its tables, or run SQL queries.
III. Database users
1) Creating database users
Specify which database the user is being added to. Basic syntax: exec sp_grantdbaccess 'login account name', 'database user name'
use jjlm -- create the database user in the database jjlm
go
exec sp_grantdbaccess 'jjlm','jjlmUser01'
All login accounts are created while in the master database, whereas a database user is created in the specific database: use jjlm / go points at the jjlm database, and the system stored procedure sp_grantdbaccess then creates the user jjlmUser01 whose login account is jjlm.
At this point the user jjlmUser01 appears under the Security node of the database jjlm.
dbo is a database user name that represents the owner of the database (DB Owner). It can perform all management of the database and its objects and holds every permission on the database. The dbo user cannot be deleted; it exists in every database and is by default mapped to the sa login, which is why sa can access all databases.
2) Deleting database users
Deletion is likewise performed in the specific database, not in master.
Syntax: exec sp_dropuser 'database user name'
use jjlm
go
exec sp_dropuser 'jjlmUser01';
IV. Authorizing database users
After creating the database user for the database, log in to the client with the jjlm login. You find that only the database jjlm can be opened, the other databases still cannot, and once jjlm is open the 'Tables' node is empty: no tables are listed. Why? Because we have not yet granted the user any permissions, so the user cannot operate on the database. To make the software usable we must grant permissions to database users, but with restrictions. Take a bank management system: customers and bank staff have different access rights to the banking software. A customer may only view their own account information, such as the deposit amount and the overdraft limit, and change their own password; they cannot view other customers' information. The bank can view all basic customer information, such as card number, card opening date and whether the card is frozen, but may not change the customer's password or alter the deposit amount. This is why authorizing database users matters: it is both a safety measure and the mechanism that gives different users their own permissions on the same database.
1) Grant syntax
grant permission [on table_name] to database_user
2) Revoke syntax
revoke permission [on table_name] from database_user
Note: the part in [] restricts the statement to one table in the database and may be omitted. Without [] the permission is granted on all tables in the database; with [] only the named table is authorized.
use jjlm
go
grant select,insert,update on Students to jjlmUser01
After granting select, insert and update on the table Students, logging in with the jjlm login shows the table Students in the database jjlm but no other tables, and delete cannot be run on Students because delete permission was never granted.
use jjlm
go
grant select,insert,update to jjlmUser01
Comparing the two pieces of code after execution: the first authorizes only the Students table, while the second has no table restriction and therefore authorizes every table in the database jjlm.
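The same least-privilege provisioning as the sp_addlogin / sp_grantdbaccess / grant steps above, as an added example that is not code from the original post, written with the CREATE LOGIN / CREATE USER syntax that replaces those older procedures; the names jjlm, jjlmUser01 and Students follow the post, the dbo schema and the password are assumptions.

```sql
-- Added example, not from the original post. Assumes the database jjlm and the
-- table dbo.Students exist; the password is a placeholder to be replaced.
USE master;
GO
CREATE LOGIN jjlm
    WITH PASSWORD = '<replace-with-a-strong-password>',
         CHECK_POLICY = ON;          -- enforce the Windows password policy
GO

USE jjlm;
GO
-- The database user mapped to the login. With no role membership it starts
-- with only the permissions granted to public.
CREATE USER jjlmUser01 FOR LOGIN jjlm;
GO

-- Grant only what the web application needs, on the one table it uses.
-- No DELETE and no db_owner: an injection flaw reached through this account
-- is limited to read/insert/update on dbo.Students instead of the whole server.
GRANT SELECT, INSERT, UPDATE ON dbo.Students TO jjlmUser01;
GO

-- Verify the effective permissions by impersonating the user, then revert.
EXECUTE AS USER = 'jjlmUser01';
SELECT DISTINCT permission_name
FROM fn_my_permissions('dbo.Students', 'OBJECT')
ORDER BY permission_name;            -- INSERT, SELECT, UPDATE only
REVERT;
GO
```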
3) Database roles
Authorizing users one by one is tedious. Instead, a database user can be given a corresponding "role", and the role automatically gives the user the corresponding permissions, which is much easier to use. The commonly used fixed roles are listed below.
1. Database roles
public
-- A special database role that every database user belongs to. The public role:
-- holds all default permissions of users in the database;
-- cannot have users, groups or roles assigned to it, because they belong to it by default;
-- is included in every database, including master, msdb, tempdb, model and all user databases;
-- cannot be removed.
db_owner
-- Performs all database role activities, plus the other maintenance and configuration activities in the database.
-- The permissions of this role span all other fixed database roles.
db_accessadmin
-- Adds or removes Windows NT 4.0 or Windows 2000 groups and users and SQL Server users in the database.
db_datareader
-- Views all data in all user tables in the database.
db_datawriter
-- Adds, changes or deletes data in all user tables in the database.
db_ddladmin
-- Adds, modifies or removes objects in the database (runs all DDL).
db_securityadmin
-- Manages SQL Server 2000 roles and the members of database roles, and manages statement and object permissions in the database.
db_backupoperator
-- Has permission to back up the database.
db_denydatareader
-- Denies permission to select data in the database.
db_denydatawriter
-- Denies permission to change data in the database.
2. Basic syntax for adding and removing fixed role members
exec sp_addrolemember 'database role name', 'database user name'
exec sp_droprolemember 'database role name', 'database user name'
3. Example code:
use jjlm
go
exec sp_addrolemember 'db_owner','jjlmUser01' -- add the db_owner role
exec sp_droprolemember 'db_owner','jjlmUser01' -- remove the role
A user can also be given roles through the graphical interface, which is more intuitive.
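Because the post's starting point was a web application running as sa, a useful follow-up is to check which accounts actually hold sysadmin or db_owner and what the application user was really granted; the audit queries below are an added example, not from the original post, and only assume the names jjlm and jjlmUser01 used above.

```sql
-- Added example, not from the original post: find over-privileged accounts of
-- the kind the post warns about (application logins holding sysadmin/db_owner).

-- 1. Server level: every login that is a member of sysadmin.
SELECT l.name AS login_name, l.type_desc, l.is_disabled
FROM sys.server_role_members rm
JOIN sys.server_principals r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals l ON l.principal_id = rm.member_principal_id
WHERE r.name = 'sysadmin'
ORDER BY l.name;

-- 2. Database level: users in jjlm holding the powerful fixed roles,
--    joined back to the server login they map to (via the SID).
USE jjlm;
GO
SELECT u.name  AS database_user,
       sp.name AS login_name,
       r.name  AS role_name
FROM sys.database_role_members drm
JOIN sys.database_principals r ON r.principal_id = drm.role_principal_id
JOIN sys.database_principals u ON u.principal_id = drm.member_principal_id
LEFT JOIN sys.server_principals sp ON sp.sid = u.sid
WHERE r.name IN ('db_owner', 'db_ddladmin', 'db_securityadmin')
ORDER BY r.name, u.name;

-- 3. Explicit object permissions held by the application user, to confirm the
--    GRANT statements produced exactly the intended set and nothing more.
SELECT dp.state_desc, dp.permission_name,
       OBJECT_SCHEMA_NAME(dp.major_id) AS schema_name,
       OBJECT_NAME(dp.major_id)        AS object_name
FROM sys.database_permissions dp
JOIN sys.database_principals u ON u.principal_id = dp.grantee_principal_id
WHERE u.name = 'jjlmUser01'
  AND dp.class_desc = 'OBJECT_OR_COLUMN'
ORDER BY object_name, dp.permission_name;
```

Any web application login appearing in query 1, or application user appearing in query 2, should be recreated with the table-level grants shown earlier instead.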
V. Additional notes
Relationship between login accounts, databases and database users
A login account and database users have a one-to-many relationship, while a database user and a database are one-to-one: one login account can have multiple database users, and each database user corresponds to exactly one database.