So I've been thinking about SQL security lately and wanted to see what others are doing.
I have been using integrated security (Windows authentication), stored procedures when necessary, and have done my best to limit access to tables and those stored procedures with SQL Server in conjunction with my application. But I'm starting to wonder if that is enough.
Imagine for a moment that you are developing an application that requires strict security, say for a bank or something, and SQL was going to be used as the backend to keep track of transactions and account balances etc... Now, you can use stored procedures and all that I have above, but what is there to stop some rogue employee from installing SQL Server Management Studio or literally any SQL tool to talk directly to the SQL Server? Even if you limit access with your application or even on the server level, a delete permission is a delete permission and it doesn't matter if your application issues it or if another one does.
Is there a way to prevent this other than on the workstation level (preventing install permissions for users etc...)? Can you actually set up SQL to only talk to your application and that's it, to prevent others from accessing the data?
I'm just curious how larger corporations would do something like this. I mean, imagine Epic, the health information software, or the software that banks use, or the software that any large corporation would use to track accounts and payments and services like AT&T, Sprint, MCI (do they exist still?) or any point of sale store where all the stores are wired together like Walmart (buy something at one store and you can return it at any of them with the same receipt). Even though some of these may not be all that "important" (forging receipts compared to stealing money from the banks) they all need security and I know not all of them would use SQL, but some might use something similar or may actually use SQL! How do they keep prying eyes and fingers out of the data except through the appropriate channels?
Any ideas? Suggestions? Articles/links?
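As an added illustration of the permission model the question describes (not code from the original post), the T-SQL below builds a small demo database in which no user holds DELETE or UPDATE on the transactions table at all. The application's database user only gets EXECUTE on a stored procedure owned by dbo, so ownership chaining lets the procedure modify the table while a direct DELETE issued from SSMS under the same credentials is refused. All names (BankDemo, dbo.Transactions, usp_VoidTransaction, AppExecutor, AppServiceUser) are hypothetical; in a real deployment AppServiceUser would be the Windows login of the application's service account rather than a user created WITHOUT LOGIN.

```sql
-- Added example, not from the original post. All object names are hypothetical.
CREATE DATABASE BankDemo;
GO
USE BankDemo;
GO
CREATE TABLE dbo.Transactions (
    TxId      INT IDENTITY PRIMARY KEY,
    AccountId INT           NOT NULL,
    Amount    DECIMAL(18,2) NOT NULL,
    Voided    BIT           NOT NULL DEFAULT 0
);
CREATE TABLE dbo.VoidAudit (
    AuditId   INT IDENTITY PRIMARY KEY,
    TxId      INT           NOT NULL,
    Reason    NVARCHAR(200) NOT NULL,
    VoidedBy  NVARCHAR(128) NOT NULL,   -- who actually connected, not the proc owner
    VoidedAt  DATETIME2     NOT NULL DEFAULT SYSUTCDATETIME()
);
GO
-- Constructed sample row so the demo call below has something to void.
INSERT INTO dbo.Transactions (AccountId, Amount) VALUES (1001, 250.00);
GO
-- The procedure and the table share an owner (dbo), so callers need only
-- EXECUTE on the procedure; SQL Server does not check table permissions
-- for statements inside it (ownership chaining).
CREATE PROCEDURE dbo.usp_VoidTransaction
    @TxId   INT,
    @Reason NVARCHAR(200)
AS
BEGIN
    SET NOCOUNT ON;
    -- Rows are flagged, never physically deleted, so the history survives.
    UPDATE dbo.Transactions
       SET Voided = 1
     WHERE TxId = @TxId AND Voided = 0;

    IF @@ROWCOUNT = 0
        THROW 50001, 'Transaction not found or already voided.', 1;

    -- Record the original connecting principal, not the execution context.
    INSERT INTO dbo.VoidAudit (TxId, Reason, VoidedBy)
    VALUES (@TxId, @Reason, ORIGINAL_LOGIN());
END;
GO
-- Role held by the application's service account. It gets the procedure
-- and nothing else; the DENY makes the intent explicit even if someone
-- later grants broad rights to the role.
CREATE ROLE AppExecutor;
GRANT EXECUTE ON dbo.usp_VoidTransaction TO AppExecutor;
DENY SELECT, INSERT, UPDATE, DELETE ON dbo.Transactions TO AppExecutor;
GO
-- Hypothetical application user; a real deployment would map this to the
-- service account's Windows login instead of WITHOUT LOGIN.
CREATE USER AppServiceUser WITHOUT LOGIN;
ALTER ROLE AppExecutor ADD MEMBER AppServiceUser;
GO
-- Check: impersonate the application user. The procedure call succeeds,
-- the direct DELETE (what an ad hoc SSMS session would try) is refused
-- with a permission error, and the batch continues to REVERT.
EXECUTE AS USER = 'AppServiceUser';
    EXEC dbo.usp_VoidTransaction @TxId = 1, @Reason = N'demo void';
    DELETE FROM dbo.Transactions WHERE TxId = 1;   -- error 229: DELETE permission denied
REVERT;
GO
SELECT TxId, Voided FROM dbo.Transactions;          -- row 1 now has Voided = 1
SELECT TxId, Reason, VoidedBy FROM dbo.VoidAudit;   -- one audit row
```

The point this demonstrates is that "a delete permission is a delete permission" only if a delete permission is actually granted. When the application's principal can reach the table solely through procedures, a person who opens SSMS with their own Windows account has no login at all, and a person who somehow runs SSMS as the service account is still limited to the same procedure calls, each of which writes an audit row naming the original login. It does not, by itself, constrain members of sysadmin or db_owner; that part is an organisational control (separated DBA accounts, SQL Server Audit on the database, and change control), not a GRANT statement.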