January 11, 2006 at 9:48 pm
Hi Guys,
I'm pretty new to administration of SQL, I have multiple applications using the same login ID for access to the SQL server.
My concerns as following:
1. Will there be any impact on performance on either the SQL server or application servers since all apps use the same login ID & therefore increasing response latency.
2. Is this a bad security practice.
3. The web app server read SQL access settings thru a file which is easily read on notepad, where the userid & password is on clear text & without any encryption, i feel that this might pose a security risk.
January 12, 2006 at 7:20 am
1. I cannot figure out any impact on performance or response latency.
2. It depends. If all these apps require similar priviledges, using the same login decreases the logins exposed to the outside, and thus good to secure your database.
If these apps require different priviledges or access different data, using same login prevents you from defining the exact priviledges for each app and thus a security problem(some apps have unecessary priviledges ).
And using the same login sometimes maybe inconvenient to debug issues. Eg. all the apps use ado.net and running on the same server. From sysprocesses table, it's difficult to know which process (SPID) belongs to which app.
3. THis is really bad. the password needs to be encrypted or use trusted connection.
January 13, 2006 at 2:58 am
just to add to peterhe's reply :
1) connection pooling works for the full connection string. and must match each and every bit of it to be reusable from the pool. The number of connections that in being generated depends on the way your application creates connections of issues firehose queries.
2) don't use SA for application account. This is simply a not done thing !
If you want to create an account for every application or for avery set of authorities, that's a political issue.
but check the connectionstrings (profiler) to see of you can provide accurate application separation to support performance/locking monitoring or auditing
3) encryption can be quiet easy to meet your needs e.g. convert to hex.
Public Function Decrypt(ByVal thisText As String) As String
Dim data() As Byte = Convert.FromBase64String(thisText)
Return System.Text.ASCIIEncoding.ASCII.GetString(data)
End Function
Public Function Encrypt(ByVal thisText As String) As String
Dim data() As Byte = System.Text.ASCIIEncoding.ASCII.GetBytes(thisText)
Return Convert.ToBase64String(data)
End Function
Johan
Learn to play, play to learn !
Dont drive faster than your guardian angel can fly ...
but keeping both feet on the ground wont get you anywhere :w00t:
- How to post Performance Problems
- How to post data/code to get the best help[/url]
- How to prevent a sore throat after hours of presenting ppt
press F1 for solution, press shift+F1 for urgent solution 😀
Need a bit of Powershell? How about this
Who am I ? Sometimes this is me but most of the time this is me
Viewing 3 posts - 1 through 3 (of 3 total)
You must be logged in to reply to this topic. Login to reply