Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
Home
Discussion Groups
DB Engine
SQL ServerMSDESQL Server CE
Services
Analysis (Data Mining)Analysis (OLAP)DTSIntegration ServicesNotification ServicesReporting Services
Programming
CLRConnectivitySQLXML
Other Technologies
ClusteringEnglish QueryFull-Text SearchReplicationService Broker
General
Data WarehousingPerformanceSecuritySetupSQL Server ToolsOther SQL Server Topics
DirectoryUser Groups
Related Topics
MS AccessOther DB ProductsMS Server Products.NET DevelopmentVB DevelopmentJava DevelopmentMore Topics ...
SQL Server Forum / General / Security / August 2007

Tip: Looking for answers? Try searching our database.

Users , Web Application and SQL Server back end - Beginner Questio

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
Natasha - 14 Aug 2007 08:36 GMT
Hello

I have developed a java based Web application that is using SQL Server 2005
as its back-end. Below is the sample case of using the system:

Many users access the site and the site gives them ability to register.
There are two types of users ,  admins and users. Both types can read or
change data, admin just has access to some extra tables.

What I have currently implemented is as follows:
Table users:
user-id  user-type   password
a1           admin      s1
b1           user        s2
etc

When JDBC tries to connect to SQL Server , it uses a single user name and
password (user : user1 and password:pass1) which has access to database and
read and write permission.

The individual access level of Web users is handled through code , if they
are admin then more Web pages are shown to them.

As I am new to SQL Server , I deeply appreciate your recommendation about
this design choice I have made; I also appreciate any reading material.

If this is not the correct newsgroup, kindly let me know.

Best
Natasha
Reply to this Message
Uri Dimant - 14 Aug 2007 08:55 GMT
Natasha

Create table Users (userid int not null primary key, user_name varchar(50)
not null,usertypeid int referenced usertypes(usertypeid))
Create table UserTypes (usertypeid int not null primary key, typename
varchar(20))

About stroring the pasword . In SQL Server 2005 you can encrypt, please read
the article
http://blogs.msdn.com/lcris/---Enscrypt

NOTICE: Always use stored procedure or parameterized query to indetify the
users in order to avoid SQL Injection

Also good info are here
http://blogs.msdn.com/yukondoit/articles/480854.aspx  -Security

BTW , do you speak russian?:-))

> Hello
>
[quoted text clipped - 28 lines]
> Best
> Natasha
Reply to this Message
Natasha - 17 Aug 2007 07:36 GMT
Thank you for your answer.

No , I don't speack russian :)

> Natasha
>
[quoted text clipped - 47 lines]
> > Best
> > Natasha
Reply to this Message
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2009 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.