Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
Home
Discussion Groups
DB Engine
SQL ServerMSDESQL Server CE
Services
Analysis (Data Mining)Analysis (OLAP)DTSIntegration ServicesNotification ServicesReporting Services
Programming
CLRConnectivitySQLXML
Other Technologies
ClusteringEnglish QueryFull-Text SearchReplicationService Broker
General
Data WarehousingPerformanceSecuritySetupSQL Server ToolsOther SQL Server Topics
DirectoryUser Groups
Related Topics
MS AccessOther DB ProductsMS Server Products.NET DevelopmentVB DevelopmentJava DevelopmentMore Topics ...
SQL Server Forum / General / Security / May 2006

Tip: Looking for answers? Try searching our database.

Windows authentication to sql server 2000 question

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
J - 18 May 2006 19:20 GMT
Hello.  I was wondering which method is the better security practice since I
read that windows authentication is better than my preferred method of sql
login authentication wrapped in https.  I'm creating an .asp database
application using windows basic authentication wrapped in https to our sql
server which is on a different domain.  When the user goes to access the
.asp app's initial page the windows basic authentication popup displays
which upon the user successfully supplying valid credentials...

a) should I have an immediate database connection to the sql server
initiated that is open throughout their .asp application session?...
b) or should I not make any calls to the sql server until they need to
request data on those certain .asp pages?

I'm just wondering because I use the sql profiler to see activity and failed
login attempts and if (b) is the better way to go and in doing this method
sql profiler doesn't write failed login attempts to a db from the windows
authentication level.

Hope I wasn't confusing in asking my question.

J
Reply to this Message
Randy - 22 May 2006 15:49 GMT
From an asp point of view it is better to only have a SQL Server connection
only when you actually need to hit the database.
Having a connection open for the entire session wastes resources and I am
not positive, but I think could be an issue with licensing.  But again not
100% sure on that.
Randy

> Hello.  I was wondering which method is the better security practice since I
> read that windows authentication is better than my preferred method of sql
[quoted text clipped - 17 lines]
>
> J
Reply to this Message
J - 22 May 2006 17:58 GMT
Thanks a bunch Randy for your response.  I appreciate it.

So do you think I'm setting things up "properly" or the appropriate way of
creating an .asp db app using windows authentication to sql server in that
the user would go to an inital say "index.asp" start page which needs valid
windows authentication credentials to access this and the sub folders which
then after successful access then the user would be able to execute the
other .asp pages that call to the db?  Also, is the best way of ending this
application session and access to the db from windows authentication is for
the user to simply close their IE browser?

Thanks again Randy.

J

> From an asp point of view it is better to only have a SQL Server
> connection
[quoted text clipped - 30 lines]
>>
>> J
Reply to this Message
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2009 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.