Home Forums Article Discussions Article Discussions by Author Discuss Content Posted by Brian Kelley SQL Server Security: Pros and Cons of Application Roles RE: SQL Server Security: Pros and Cons of Application Roles

  • July 25, 2008 at 11:04 am

    #848597

    reuben.anderson (7/25/2008)

    Yes, Web applications that I see these days all seem to use a single generic login which is stored, hopefully encrypted, into web.config.

    Shouldn't the SQL 2005 implementation of application roles permit these web app developers to use integrated authentication? I guess that depends on the app as well - guest users coming from www won't have domain accounts.

    It depends on the location of the web server. If the web server is in the DMZ, it shouldn't be on a trusted domain. That means no Windows authentication. With that said, application roles can be used with either.

    K. Brian Kelley
    @kbriankelley