IIS, SQL SERVER 7.0


DevX Home    Today's Headlines   Articles Archive   Tip Bank   Forums   

Results 1 to 4 of 4

Thread: IIS, SQL SERVER 7.0

  1. #1
    Micheal R. Ducharme Guest

    IIS, SQL SERVER 7.0


    I am in the process of developing a order entry system that will have "Intranet"
    and "Extranet" areas. The back-end is MS SQL Server 7.0 and the Front-end
    is ASP,HTML, etc.

    We are looking to let SQL Server do all of the security. Each user will
    have a user account on the Server. With this I will dynamically change the
    connection string to include the indiviuals username and password. Thus letting
    the DB Server authenitcate them.

    Are There problems/limitations by doing this?

    Is there any other way to ensure the application and the data is secure.
    IUSER_Machine(anonymous) is leaving the DB too open and limits auditing.

    Micheal R. Ducharme

  2. #2
    Michael Howard Guest

    Re: IIS, SQL SERVER 7.0


    i assume that because this is an extranet scenario that security is kinda
    important :-) why not auth the clients in iis and use integrated security
    with sql server. that way there is no username/pwd held in the asp page.

    please note that a lot of this is explained in my book.. http://marketplace.devx.com/product.asp?pf_id=5654

    "Micheal R. Ducharme" <portly@coolemail.com> wrote:
    >
    >I am in the process of developing a order entry system that will have "Intranet"
    >and "Extranet" areas. The back-end is MS SQL Server 7.0 and the Front-end
    >is ASP,HTML, etc.
    >
    >We are looking to let SQL Server do all of the security. Each user will
    >have a user account on the Server. With this I will dynamically change the
    >connection string to include the indiviuals username and password. Thus

    letting
    >the DB Server authenitcate them.
    >
    >Are There problems/limitations by doing this?
    >
    >Is there any other way to ensure the application and the data is secure.
    > IUSER_Machine(anonymous) is leaving the DB too open and limits auditing.
    >
    >Micheal R. Ducharme



  3. #3
    Xin Li Guest

    Re: IIS, SQL SERVER 7.0


    Could you possibly elaborate on integrating IIS authentication with SQL?
    I am doing something similar, and am concerned about sending usernames and
    passwords in clear text form across the web. Granted that everything on
    the backend is accessed via very restrictive stored procedures, but still...You
    know how that old saying goes about security. Thank you very much in advance.

    Xin Li


  4. #4
    Michael Howard Guest

    Re: IIS, SQL SERVER 7.0


    in the sql server security dialog box, click on Integrated Security. That's
    it :-)

    "Xin Li" <xinli1@uiuc.edu> wrote:
    >
    >Could you possibly elaborate on integrating IIS authentication with SQL?


    >I am doing something similar, and am concerned about sending usernames and
    >passwords in clear text form across the web. Granted that everything on
    >the backend is accessed via very restrictive stored procedures, but still...You
    >know how that old saying goes about security. Thank you very much in advance.
    >
    >Xin Li
    >



Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
HTML5 Development Center
 
 
FAQ
Latest Articles
Java
.NET
XML
Database
Enterprise
Questions? Contact us.
C++
Web Development
Wireless
Latest Tips
Open Source


   Development Centers

   -- Android Development Center
   -- Cloud Development Project Center
   -- HTML5 Development Center
   -- Windows Mobile Development Center