November 21, 2005 at 3:50 am
Hi,
I was wondering how people set up user logons with Web - applications with the potential for a very high volume of user.
Is it best to use individual SQL logins for each potential web user or have a single web login to access SQL Server and have the user based application security built into user defined tables ?
What have others used ?
November 21, 2005 at 1:02 pm
Generally I setup a single account on the database server and use table(s) for user logins. I always encrypt the passwords, if nothing else with md5.
November 22, 2005 at 9:19 am
I'd usually setup the system so that the web app user (IWAM_ComputerName) / COM+ / Application Pool user is the only one with access to the DB, then do as mentioned above and have all ur users in tables with ur own validation stuff! The less security holes the better ... and every login is another hole!!
November 22, 2005 at 12:08 pm
Thanks Vinny and CTracey, This was the route we have been considering but it's re-assuring to know of others using said route
Viewing 4 posts - 1 through 3 (of 3 total)
You must be logged in to reply to this topic. Login to reply