Help with security setup on SQL

Hi - I have a simple database (sql 2000) on a dedicated server - I only,
at the moment, use SPs and tables. All of these currently have the
owner set to DBO. Is this ok?
When using .net to allow people to access the database via the web,
should I first setup a User within sql server, and then amend my
connection string in the .config file to use that user only (and
reserver the SA login for myself - as I need to administer the database
via the web too).
What do I need to be careful of when setting permissions for users? eg.
the users will need to be able to add/amend to many tables, and to be
able to run the SPs. In some tables, they will also have to be able to
run delete queries from the DB.
Are there any 'idiots' guides to this to help me get started?
Thanks for any help,
Mark
*** Sent via Developersdex http://www.codecomments.com ***
Don't just participate in USENET...get rewarded for it!I would start with BooksOnLine. There is a lot of good information on
Security that should get you going in the right direction.
security-SQL Server, overview
Andrew J. Kelly SQL MVP
"Mark" <anonymous@.devdex.com> wrote in message
news:Oiht6wAuEHA.2624@.TK2MSFTNGP11.phx.gbl...
> Hi - I have a simple database (sql 2000) on a dedicated server - I only,
> at the moment, use SPs and tables. All of these currently have the
> owner set to DBO. Is this ok?
> When using .net to allow people to access the database via the web,
> should I first setup a User within sql server, and then amend my
> connection string in the .config file to use that user only (and
> reserver the SA login for myself - as I need to administer the database
> via the web too).
> What do I need to be careful of when setting permissions for users? eg.
> the users will need to be able to add/amend to many tables, and to be
> able to run the SPs. In some tables, they will also have to be able to
> run delete queries from the DB.
> Are there any 'idiots' guides to this to help me get started?
> Thanks for any help,
> Mark
> *** Sent via Developersdex http://www.codecomments.com ***
> Don't just participate in USENET...get rewarded for it!|||Mark
In addition to Andrew's advice I'd also recommend you to read some stuff
about SQL Server injection which may hurt your SQL Server database.
http://www.dbazine.com/cook8.shtml
"Andrew J. Kelly" <sqlmvpnooospam@.shadhawk.com> wrote in message
news:O$FaeoDuEHA.1400@.TK2MSFTNGP11.phx.gbl...
> I would start with BooksOnLine. There is a lot of good information on
> Security that should get you going in the right direction.
> security-SQL Server, overview
>
> --
> Andrew J. Kelly SQL MVP
>
> "Mark" <anonymous@.devdex.com> wrote in message
> news:Oiht6wAuEHA.2624@.TK2MSFTNGP11.phx.gbl...
>