I was looking into a way to associate sql login with network address,
e.g. user 'sa' will only be able to login from localhost or a particular
ip range, does anyone know whether it is possible?

I know that mysql does this pretty well.

Thanks in advance.

You should be able to implement this functionality with a login
trigger.  Look at the EventData <ClientHost> for the IP address of the
client.

http://technet.microsoft.com/en-us/library/bb326598.aspx
....
<ClientHost>
Contains the host name of the client from where the connection is
made. The value is '<local_machine>' if the client and server name are
the same. Otherwise, the value is the IP address of the client.

-Eric Isaacs

As Eric says, a login trigger should do the trick.  I have one on a server
where one of the application accounts passwords in production is known by
multiple people that prevents that account from logging in from Management
Studio.  They could still login from sqlcmd if they wanted to but they are
not motivated enough to figure that out, or to work from command line.  They
are application administrators and they have to have the password to that
account do certain tasks and they used to get on phone calls with the
vendor, and start doing things in the production database that the vendor
said do but hadn't actually tested before.  It only took once having to
restore the database from an oops, and I figured out how to lock them out
from doing that ever again.  I didn't even know that they could do it until
it was to late.

Show quoteHide quote

Eric Isaacs wrote:

Thanks Eric, I will give it a go then.

Cursor Help
Can a trigger be inadvertantly disabled?
Disaster Recovery Options
Problem in sysdatabases
SQL Server 2005 Script Out User Permission Prod-> Dev
FT Index - Avoid Noise Words
how to ignore error....
SQL server 2000 and Access project
Forgot to detach?
SQL Server 2005 Rebuild Error: 8152