I just started using SQL Server in my ASP sites, and I was wondering if it makes any sense to have different users for different scripts on my site i.e. use one login for a script that just needs read access and use another login for a script that needs write access. It doesn't seem any more secure to me to do it that way, because either way the connection info is in the global.asa file, so if someone gets that info they get it all. Am I missing anything?
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
ASP & SQL Server Security
- Thread starter shmod
- Start date
It depends on wich security option you used in Sql Server if you want to let Windows manage all the authentication business, use
as parameter in Sql Server and check the
(or something like that : I got the french version) in the security parameters in IIS http server. When an user will connect to the site, it's login and password will pass through IIS and will be aviable to connect him(her) to Sql Server.
All this is only aviable if you're coding an intranet.
Code:
windows authentication
Code:
integrated authenticationAll this is only aviable if you're coding an intranet.
- Thread starter
- #3
This really depends on your reasons for wanting to do it. Consider it like this: If there is a security issue, would your database be more secure by using a more restrictive account in some places and a less restrictive account in others?
I think that this would actually only add complexity to your project. Having two accounts would be just about the same as only having one user account unless you never planned on accessing anything but the read only account from your ASP pages. If you plan on updating or inserting into your table you will need the less restrictive account, and at that point you have placed your self in the same situation as you would be in with a single account. If this is a security issue than it's possible someone may have a more specific or better answer to your concern, but I hope my previous remarks help.
-Tarwn The three most dangerous things in the world are a programmer with a soldering iron, a hardware type with a program patch, and a user with an idea
-computer saying (Wiz Biz - Rick Cook)
I think that this would actually only add complexity to your project. Having two accounts would be just about the same as only having one user account unless you never planned on accessing anything but the read only account from your ASP pages. If you plan on updating or inserting into your table you will need the less restrictive account, and at that point you have placed your self in the same situation as you would be in with a single account. If this is a security issue than it's possible someone may have a more specific or better answer to your concern, but I hope my previous remarks help.
-Tarwn The three most dangerous things in the world are a programmer with a soldering iron, a hardware type with a program patch, and a user with an idea
-computer saying (Wiz Biz - Rick Cook)
- Status
Similar threads
- Locked
- Question
- Locked
- Question
- Locked
- Question
