Securing a web DB
From: Murali Vasudevan (diffs@vsnl.com)
Date: 11/29/02
- Next message: Tracker: "Hi. My name is Debbie. I am an idiot"
- Previous message: Dazz: "Re: A Royal Name"
- Next in thread: Dustin Puryear: "Re: Securing a web DB"
- Reply: Dustin Puryear: "Re: Securing a web DB"
- Reply: Paddy: "Re: Securing a web DB"
- Reply: Murali Vasudevan: "Re: Securing a web DB"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Murali Vasudevan" <diffs@vsnl.com> Date: Fri, 29 Nov 2002 12:40:20 +0530
Hi,
We are putting up a ASP.NET based web site using SQL Server database.
Users of the web site get to see confidential data. All of them have to
login to look at data.
Eventually the site will be SSLed to protect it from password hacking.
The way the s/w is designed currently is to read the connection string (db
name, uid, password) from an XML file and establish connection to the DB.
We are planning to host the site with as ISP.
One of the requirements is that the ISP should not be able to "easily"
access the SQL database.
Firstly, we are planning to use SQL server authentication (and not Win 2K
integrated login) for the database.
We want to ensure that the Web host administrator does not read XML file and
get to know the SQL server password.
One suggestion is to encrypt the password (or connect string) and store this
in XML.
What do others do in these situations ? Any ideas are welcome.
Murali
-- Differentiated Software Solutions Pvt. Ltd., 90, 3rd Cross,2nd Main, Ganga Nagar, Bangalore - 560 032 Phone : 91 80 3631445, 3431470 Visit us at www.diffsoft.com
- Next message: Tracker: "Hi. My name is Debbie. I am an idiot"
- Previous message: Dazz: "Re: A Royal Name"
- Next in thread: Dustin Puryear: "Re: Securing a web DB"
- Reply: Dustin Puryear: "Re: Securing a web DB"
- Reply: Paddy: "Re: Securing a web DB"
- Reply: Murali Vasudevan: "Re: Securing a web DB"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
