I'm trying to solve for a real scenario.
The purpose is to increase application and data security.
What I have is several vb applications that connect to different SQL Server databases within the same company. Currently, security is just based on the WinXP (WInNT) ID. SO if you can log in, then you can run the applications.
My suggestion is the addition of login screens to each application which then provides a second layer of security.
Here is the problem...if I use the user's WinNT ID to validate during the connection to the SQL server, then if someone gains access to that person's machine, then they can make a DB connection via ODBC connection to see the database data.
The other option is to create a application specific SQL Server ID/PW that only the DBA and I, the developer, know to use to make the database connection and then the login screen takes care of user-level access. However, to conform to security standards, that password would need to change every 30 days. I can't re-create a new VB app every 30 days. And I loose SQL Server's ability to track inserts/deletes of each user.
Any idea of a possible solution that provides a secure login method without the exposure that WinNT ID access provides?