Ask a Question related to ASP Database, Design and Development.
-
Chris Hohmann #1
ASP/DB Security Model Advice
ENVIRONMENT:
Windows 2000 Professional (sp3)
Internet Information Server (5.0)
Active Server Pages (3.0)
VBScript (5.6)
Microsoft SQL Server (08.00.0760)
Microsoft Data Access Components (2.80)
Microsoft OLE DB Provider for SQL Server (08.50.1022)
OLE DB (02.70)
QUESTION:
I've been doing some thinking about ASP/Database security and would
appreciate feedback on the pros and cons of various models. The three
(3) models I've been considering are:
1. Role Your Own: Create various user defined security tables and
restrict database access to stored procedure calls that validate against
data stored said tables. The model would look something like this:
User(1)---(+)Member(+)---(1)Group(1)---(+)Grant(+)---(1)Right
2. SQL Server Security: Use standard logins (vs. Windows logins) and
manage the security model via system stored procedures (sp_addlogin,
sp_adduser, etc...)
3. Windows Security: Use windows logins and similar to option two (2),
manage the security model via system stored procedures.
I'd also be interested in the successes\failures people have had with
other models.
-Chris Hohmann
Chris Hohmann Guest
-
Crossdomain.xml under new security model
I was informed that an old web site a vendor developed for us was no longer working. After some digging I discovered the problem is related to the... -
Need advice on security setup
Hi all experts. I am currently planning a rather large application that will have the following characteristics: 1) Business Services layer... -
What security model do you recommend ?
Given.. We are developing web apps using SQLServer and Oracle databases We want to take advantage of connection pooling We are currently using ASP... -
Implementing Security - Advice Please
I am in the process of writing a fairly large ASP.NET web application and I am about to implement log-ons, permissions etc. I have never used any... -
Security advice ?
Hi I have completed a PHP+ MySQL application that uses and stores sensitive data (uses SSL via https). My query is a little non standard here - ... -
Bob Barrows #2 Re: ASP/DB Security Model Advice
Chris Hohmann wrote:
I use a single sql login for all database activity. I combine that with> ENVIRONMENT:
> Windows 2000 Professional (sp3)
> Internet Information Server (5.0)
> Active Server Pages (3.0)
> VBScript (5.6)
> Microsoft SQL Server (08.00.0760)
> Microsoft Data Access Components (2.80)
> Microsoft OLE DB Provider for SQL Server (08.50.1022)
> OLE DB (02.70)
>
> QUESTION:
> I've been doing some thinking about ASP/Database security and would
> appreciate feedback on the pros and cons of various models. The three
> (3) models I've been considering are:
>
> 1. Role Your Own: Create various user defined security tables and
> restrict database access to stored procedure calls that validate
> against data stored said tables. The model would look something like
> this:
>
> User(1)---(+)Member(+)---(1)Group(1)---(+)Grant(+)---(1)Right
>
> 2. SQL Server Security: Use standard logins (vs. Windows logins) and
> manage the security model via system stored procedures (sp_addlogin,
> sp_adduser, etc...)
>
> 3. Windows Security: Use windows logins and similar to option two (2),
> manage the security model via system stored procedures.
>
> I'd also be interested in the successes\failures people have had with
> other models.
>
> -Chris Hohmann
user-defined security tables which I use to determine which pages (and which
functionality in those pages) should be displayed for each user.
Bob Barrows
--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.
Bob Barrows Guest
Reply With QuoteSimilar Questions and Discussions
Posting Permissions
- You may not post new threads
- You may post replies
- You may not post attachments
- You may not edit your posts
