Site Safety using SQL Server 2005

[Spy$Eyes]

In order to control access to the website, reporting, three processes will be implemented to control and rights management:

• Authentication from NTFS permissions (configured from IIS)
• Management rights from the website
• Security management data sources

This implementation, which will be entirely based on Active Directory, will control the user before accessing the site, while allowing them to only see the reports and records concerning them.

[Solaris]

The first part aims to verify the identity of the user of the site identity that eventually allows to manage rights. This type of authentication is based on the NTFS file system that can create access permissions on files, which define the access rights to the website. Configuration is done so in two steps:

• Configure IIS to support the control rights.
• Setting NTFS permissions on the folder containing the website.

The following steps would be helpful for configure IIS :

1. To set these permissions, you must visit the site properties in which the reporting is installed (default: "Default Web Site"), then the tab "Directory Security".
2. In "Authentication and access control", uncheck "Enable anonymous access".

It should nevertheless be noted that any computer with a session left unlocked to allow a normal user to access the site with the rights of the owner of the machine (it can also be the case if the user saves the password with the Digest authentication). Once the authentication type is selected, it remains only to configure the NTFS permissions of the file of the site.

[Rixwel]

Four types of authentication available in IIS:

• Integrated Windows authentication: information retrieval opening sessions to identify the site (valid if each user is viewing the site from a computer belonging to the field and on which it identified itself with its personal settings when opening session).
• Digest authentication for Windows domain servers: a dialog appears asking the user to enter the login and password for the domain to connect to the website. For convenience, the user can save the username and password in its session to allow quick access to the site. This type of authentication is possible only on Windows domain servers.
• Basic Authentication: WARNING: DO NOT USE UNLESS USED IN CONJUNCTION WITH SSL. Indeed, it is an authentication similar to DIGEST authentication but the password is transmitted unencrypted over the network (risk of capture frame).
• Authentication .NET Passport: This method requires access to the Internet, it is not feasible to use on an intranet.

[Zeverto]

The site has its own system for managing access to resources. This is a very close and NTFS permissions based on identity when authenticating to the site, and therefore information from Active Directory. For each file and report, it is possible to configure access permissions. By default, they inherit permissions from the parent folder, but it is nevertheless possible to break this inheritance, then restore it later. To configure these security options, simply go to the folder properties and / or report and then in the security section. Five options are available then:

• Browser: Allows access to file / read-only report.
• Content Manager: Manage the content server: added file, adding the report.
• My Reports: Allows you to create and maintain records / reports in a personal space (currently disabled on the server).
• Publisher: To publish reports and create linked reports accessible to all (unlike My Reports).
• Report Builder: Allows access to the report generator.

These permissions, configurable for each file and report allow precise control of resources.

[Aienstaien]

A final point concerns the use of data sources. Indeed, by default, the Windows Integrated Security is selected. However, insofar as it can provide access to data by impersonating a user without the latter's knowledge, it is advisable to disable this option in the configuration utility of surface exposure : Configuration Utility Surface Area> Configuration Utility from the surface for Features> MSSQLSERVER> Reporting Services> Windows Integrated Security> uncheck "Enable Windows Integrated security for connections to the source Data Reporting". Also, when configuring data sources, it will be necessary to provide an account for connecting to the database (the account that has permission to access the data). This account can be different for each database server to increase security, it should have limited right to search the data and the active directory account option "Password never expires" shall be checked.

[Lord of the RIG]

The implementation of the security of a website reporting should be done with method, because the multiplicity of options may, where appropriate, lead to an omission option, forgetting that when it comes to security, may have unfortunate consequences. Nevertheless, good management rights during the implementation will allow later access pleasant and transparent to the user (file prohibits not visible, invisible because authentication related logging. The website uses CSS technology reporting. It is therefore quite easy to change the graphics of it. The CSS file is at the root of the site reporting, in the style file:

C: \ Program Files \ Microsoft SQL Server \ MSSQL 3 \ Reporting Services \ ReportManager \ Styles \

[spuff]

While many large companies have adopted business intelligence, this is not the case for all. The main reason being the cost, the arrival of the Business Intelligence Solution for SQL Server 2005 could democratize access to this technology, which, although used, can facilitate decision making and allow to have an objective view of the health of the company. Indeed, through the example that was discussed, we can see the simplicity of implementation. And if everything is not configurable, it is nevertheless a cheap solution for business intelligence that combines simplicity, performance and safety, all around a DBMS famous. Through the different versions of SQL Server, and many features, it is clear that this product may be suitable for both large and small businesses.