Allow IIS_WPG group user to access DB | SQL Server Performance Forums

SQL Server Performance Forum – Threads Archive

Allow IIS_WPG group user to access DB

Hi, I need some input on whether to allow an IIS group user to directly access the database or not.
I have one domain user which is part of IIS_WPG (IIS Worker Process Group) and is added in SQL Server with the database roles db_datareader and db_datawriter, EXECUTE permission on stored procedure, and EXECUTE AS.
I am not in favour of allowing the IIS user to directly access the database because of lots of security threats. I need your input on whether the approach of adding the IIS user to the DB is secure or not.

Thanks and Regards
Ravi K

I don’t think there will be any issue as long as you grant limited access and make sure IIS_WPG is not a member of the local admin group.

MohammedU.
Moderator
SQL-Server-Performance.com
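
One way to check the "limited access" condition from the reply above, as an added T-SQL example that is not part of the original thread. It reports the server-role status, database role memberships and explicit permissions of the web application's login. The login name `DOMAIN\WebAppUser` is a hypothetical placeholder, and the queries assume SQL Server 2005 or later and are run in the application database.

```sql
-- Added example (not from the thread). Replace the placeholder with the
-- login that the IIS worker process uses; the name below is hypothetical.
DECLARE @login sysname;
SET @login = N'DOMAIN\WebAppUser';

-- 1. Server level: the login should not be a member of sysadmin.
--    Returns 1 (member), 0 (not a member) or NULL (login not valid).
SELECT IS_SRVROLEMEMBER('sysadmin', @login) AS is_sysadmin;

-- 2. Database roles the mapped user belongs to. For the setup described
--    in the question this should list db_datareader and db_datawriter only;
--    db_owner, db_securityadmin or db_ddladmin here means the access is not limited.
SELECT r.name AS role_name
FROM sys.database_role_members AS rm
JOIN sys.database_principals AS r
     ON r.principal_id = rm.role_principal_id
JOIN sys.database_principals AS u
     ON u.principal_id = rm.member_principal_id
WHERE u.sid = SUSER_SID(@login);

-- 3. Explicit permissions granted or denied to that user. EXECUTE on
--    individual procedures appears with class_desc = OBJECT_OR_COLUMN;
--    IMPERSONATE rows show which principals it may use with EXECUTE AS.
SELECT p.state_desc,
       p.permission_name,
       p.class_desc,
       CASE p.class
            WHEN 1 THEN OBJECT_NAME(p.major_id)      -- object or column
            WHEN 3 THEN SCHEMA_NAME(p.major_id)      -- schema
            WHEN 4 THEN USER_NAME(p.major_id)        -- database principal
       END AS securable_name
FROM sys.database_permissions AS p
JOIN sys.database_principals AS u
     ON u.principal_id = p.grantee_principal_id
WHERE u.sid = SUSER_SID(@login)
ORDER BY p.class_desc, p.permission_name;
```

If access is granted through a Windows group rather than the individual account, set `@login` to the group's login name, since permissions are then recorded against the group.
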

Hi Ravi,
Is this web application an intranet/VPN/internet application?
If both servers are physically different, then the only thing to take care of is the firewall/intrusion detection on the IIS server, and allow it; if SQL and IIS are on the same machine, then I would not suggest allowing it.

Hemantgiri S. Goswami
MS SQL Server MVP
————————-
"Humans don’t have Caliber to PASS TIME, Time itself Pass or Fail Humans" – by Hemantgiri S. Goswami
http://hemantgirisgoswami.blogspot.com

Hi, both the database and IIS are on the same Windows server box, and the application is intranet. I am just worried about hacking because, as per my understanding, IIS 5.1 is not secure and the same ID is used to process client requests and access the database. If both the users are different then it is a secure environment.

Thanks and Regards
Ravi K

http://support.microsoft.com/kb/176378
http://www.sqlservercentral.com/columnists/dpoole/sqlandiisonthesamebox.asp

If it is not a big database with huge growth then you can keep both on the same machine; otherwise you might need to think about separating them for the sake of performance.

Satya SKJ
Microsoft SQL Server MVP
Writer, Contributing Editor & Moderator
http://www.SQL-Server-Performance.Com
This posting is provided AS IS with no rights for the sake of knowledge sharing. The greatest discovery of my generation is that a human being can alter his life by altering his attitudes of mind.