Peter #1
What security model do you recommend?
Given...
We are developing web apps using SQLServer and Oracle databases.
We want to take advantage of connection pooling.
We are currently using ASP but will be moving to ASP.NET.
Should we use a single data access account? Where should this be stored?
This approach, however, would allow an unscrupulous developer to determine the password
of the account. S/He could include a page that displays the properties of a connection.
Currently, we have an app/SQLServer tables/com component that activates roles for users based on
their role membership (in our custom security tables).
The problem with this approach is that the connections cannot be pooled because once
a role has been activated on a connection, it cannot be used for anything else and
will throw an error if another role attempts to be activated. Therefore we disabled
connection pooling.
Any advice would be appreciated.
Thanks,
...Peter
Peter Guest
avnrao #2
Re: What security model do you recommend?
To leverage connection pooling, a single identity should be used to connect
to the data source. The general pattern is to create one Windows user, give DB
permissions to that account, and use the same.
In your case, you have roles created for all users, right? Are they used for
partitioning the data in databases? What I am saying is, are these roles
created only for data access and segregation? If so, you can go ahead using
one single identity.
Av.
"Peter" <anonymous@discussions.microsoft.com> wrote in message
news:081A073E-3108-4F9A-834B-543CD0901A27@microsoft.com...
> Given...
> We are developing web apps using SQLServer and Oracle databases.
> We want to take advantage of connection pooling.
> We are currently using ASP but will be moving to ASP.NET.
>
> Should we use a single data access account ? Where should this be stored
> ?
>
> This approach, however, would allow an unscrupulous developer to determine
> the password
> of the account. S/He could include a page that displays the properties of
> a connection.
>
> Currently, we have an app/SQLServer tables/com component that activates
> roles for users based on
> their role membership (in our custom security tables).
>
> The problem with this approach is that the connections cannot be pooled
> because once
> a role has been activated on a connection, it cannot be used for anything
> else and
> will throw an error if another role attempts to be activated. Therefore
> we disabled
> connection pooling.
>
> Any advice would be appreciated.
>
> Thanks,
>
> ...Peter
avnrao Guest
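
The single-identity pattern from the reply above, as an added C# example that is not part of the thread. The server, database, stored procedure, role and class names are hypothetical; it assumes the web application runs under the one Windows account that was granted database permissions, and that the caller's roles are supplied by the application's own role lookup (such as the custom security tables mentioned in the question).

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Security;
using System.Security.Principal;

public static class OrdersData
{
    // Integrated Security: the string holds no password, so a page that dumps
    // connection properties has no credential to reveal. The connection is
    // opened as the Windows account the application runs under.
    // Every request uses this identical string, so all requests share one pool.
    // DBSERVER and AppDb are placeholder names.
    private const string ConnStr =
        "Data Source=DBSERVER;Initial Catalog=AppDb;Integrated Security=SSPI;";

    // Authorization is decided per request in the application tier,
    // not by changing the state of a pooled connection.
    public static DataTable GetOrders(IPrincipal user, int customerId)
    {
        if (!user.Identity.IsAuthenticated || !user.IsInRole("OrderReaders"))
            throw new SecurityException("Caller is not allowed to read orders.");

        using (SqlConnection conn = new SqlConnection(ConnStr))
        using (SqlCommand cmd = new SqlCommand("dbo.GetOrdersForCustomer", conn))
        {
            cmd.CommandType = CommandType.StoredProcedure;
            cmd.Parameters.Add("@CustomerId", SqlDbType.Int).Value = customerId;
            // The end user's name travels as data, so the database can still
            // audit who asked even though the login is always the same account.
            cmd.Parameters.Add("@RequestedBy", SqlDbType.NVarChar, 128).Value =
                user.Identity.Name;

            DataTable result = new DataTable();
            using (SqlDataAdapter adapter = new SqlDataAdapter(cmd))
            {
                // Fill opens the connection and closes it again, returning it
                // to the pool with no role or other per-user state attached.
                adapter.Fill(result);
            }
            return result;
        }
    }
}
```

Granting the service account execute rights on stored procedures only, rather than direct table access, limits what any page running under that account can do with the shared connection.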




