Ask a Question related to ASP.NET Security, Design and Development.
-
DC Gringo #1
securing data access via website
I would like to use anonymous access for a public access, Win2k/IIS website.
The database, however, should be accessed via a secured, strong-password
domain user account "company\ouraspnetuser". This database is on another
physical Windows 2k server. I've looked into UDL, DPAPI, and sync'd local
ASPNET account passwords and am not terribly convinced of any of them. I'm
not using OLEDB so I can't use UDL. For bureaucratic reasons I can't use
sync'd ASPNET accounts on all the network resources my application needs to
access. DPAPI seems to be the way to go, but it seems outlandishly
complicated to implement--unless of course I haven't found a good reference.
Could someone point me in the right direction and/or comment on another
possible solution?
_____
DC G
DC Gringo Guest
-
Securing Data for Use by Flash
I'd like to built a Flash SWF file that represents data stored on my server graphically. The images would show the data generally without showing... -
Securing a folder's access
I'd like to limit access to a folder with pages in it that perform modifications to a database. I only want these pages accessible by a few people.... -
Securing a php website
I'm writing a php website. Which type of atacks are usually used against php scripts? Which kind of sent string could result in an intrusion in a... -
Data in Access database changed when display in website
Hi Everyone, I am trying to figure why the data of an Access database changed when displayed in a web-based administrative tool. The column data... -
securing data in asp.net
Hi everyone, I am new to asp.net development, and need help on security, I am developing a web application that would be accessed from the... -
Paul Glavich #2 Re: securing data access via website
You could try putting a data access component into COM+ (as a serviced
component), define the identity of the package/component as your preferred
username/strong password, so that the COM+ component runs under the defined
strong identity and access the DB that way via integrated security, and your
app would simply interface with that component.
HTH
--
- Paul Glavich
"DC Gringo" <dcgringo@visiontechnology.net> wrote in message
news:eI1mZbL1DHA.2060@TK2MSFTNGP10.phx.gbl...website.> I would like to use anonymous access for a public access, Win2k/IISI'm>
> The database, however, should be accessed via a secured, strong-password
> domain user account "company\ouraspnetuser". This database is on another
> physical Windows 2k server. I've looked into UDL, DPAPI, and sync'd local
> ASPNET account passwords and am not terribly convinced of any of them.to> not using OLEDB so I can't use UDL. For bureaucratic reasons I can't use
> sync'd ASPNET accounts on all the network resources my application needsreference.> access. DPAPI seems to be the way to go, but it seems outlandishly
> complicated to implement--unless of course I haven't found a good>
> Could someone point me in the right direction and/or comment on another
> possible solution?
>
>
> _____
> DC G
>
>
Paul Glavich Guest
-
DC Gringo #3 Re: securing data access via website
Got any good references on that?
_____
DC G
"Paul Glavich" <glav@aspalliance.com-NOSPAM> wrote in message
news:evkCR7Q1DHA.3224@tk2msftngp13.phx.gbl...defined> You could try putting a data access component into COM+ (as a serviced
> component), define the identity of the package/component as your preferred
> username/strong password, so that the COM+ component runs under theyour> strong identity and access the DB that way via integrated security, andanother> app would simply interface with that component.
>
> HTH
>
> --
> - Paul Glavich
>
>
> "DC Gringo" <dcgringo@visiontechnology.net> wrote in message
> news:eI1mZbL1DHA.2060@TK2MSFTNGP10.phx.gbl...> website.> > I would like to use anonymous access for a public access, Win2k/IIS> >
> > The database, however, should be accessed via a secured, strong-password
> > domain user account "company\ouraspnetuser". This database is onlocal> > physical Windows 2k server. I've looked into UDL, DPAPI, and sync'duse> I'm> > ASPNET account passwords and am not terribly convinced of any of them.> > not using OLEDB so I can't use UDL. For bureaucratic reasons I can't> to> > sync'd ASPNET accounts on all the network resources my application needs> reference.> > access. DPAPI seems to be the way to go, but it seems outlandishly
> > complicated to implement--unless of course I haven't found a good>> >
> > Could someone point me in the right direction and/or comment on another
> > possible solution?
> >
> >
> > _____
> > DC G
> >
> >
>
DC Gringo Guest
-
Alek Davis #4 Re: securing data access via website
DC,
Check out this article: "Protect It: Safeguard Database Connection Strings
and Other Sensitive Settings in Your Code" article
([url]http://msdn.microsoft.com/msdnmag/issues/03/11/ProtectYourData/[/url]). It
addresses some of your questions and has relevant references.
Alek
"DC Gringo" <dcgringo@visiontechnology.net> wrote in message
news:eI1mZbL1DHA.2060@TK2MSFTNGP10.phx.gbl...website.> I would like to use anonymous access for a public access, Win2k/IISI'm>
> The database, however, should be accessed via a secured, strong-password
> domain user account "company\ouraspnetuser". This database is on another
> physical Windows 2k server. I've looked into UDL, DPAPI, and sync'd local
> ASPNET account passwords and am not terribly convinced of any of them.to> not using OLEDB so I can't use UDL. For bureaucratic reasons I can't use
> sync'd ASPNET accounts on all the network resources my application needsreference.> access. DPAPI seems to be the way to go, but it seems outlandishly
> complicated to implement--unless of course I haven't found a good>
> Could someone point me in the right direction and/or comment on another
> possible solution?
>
>
> _____
> DC G
>
>
Alek Davis Guest
Reply With QuoteSimilar Questions and Discussions
Posting Permissions
- You may not post new threads
- You may post replies
- You may not post attachments
- You may not edit your posts
