Re: why not SQL Authentication?

From: Pavlos Kariotellis (pkario_at_eie.gr)
Date: 03/29/05 

Date: Tue, 29 Mar 2005 12:07:31 +0300

My application is serving small businesses. Each one has its own DB. Most of
the time there is one user per DB. This user my be connected all day long.
To use connection pooling I'l have to log all the users to one DB and the
switch them to appropriate DB. I think this creates a security risk.

"Brock Allen" <ballen@NOSPAMdevelop.com> wrote in message
news:283855632475988240591776@msnews.microsoft.com...
> The main drawback of SqlAuthentication (authing from browser thru website
> thru database) is that connections can't be pooled. For some websites this
> is not a concern, but for others where you have huge volume (and/or you're
> not doing windows auth against the clients) if you use the client's creds
> for SqlAuth then that's an independant connection. So 1000 users on your
> site, that's 1000 distinct connections. If you use the same credentials
> (like a "SqlUser" account) then those connections get pooled and thus
> shared. It's a performance enhancement.
>
> -Brock
> DevelopMentor
> http://staff.develop.com/ballen
>
>
>
>> With Forms authentication and SQL Server, MS recommends creating a
>> User
>> table and storing user names and password hashes to that table.
>> http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnne
>> tsec/html/SecNetHT03.aspThey go on proposing a Roles table and so on.I
>> wonder why not just use SQL Server authentication and just try to
>> loginwith the user supplied credentials?
>
>
>

Relevant Pages

  • Re: Error "SQL Server does not allow remote connections"
    ... The application could not connect to the sql server db. ... network is blocking the connection. ... SqlInternalConnectionTds connHandler, Boolean ignoreSniOpenTimeout, Int64 ... integratedSecurity, SqlConnection owningObject) +737554 ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: Connection from remote computer to network SQL Server
    ... There is no firewall on the W2K machine acting as the SQL server. ... I tried making the SQL machine a "trusted" on the router. ... connection works. ... To find the IP address of your computer inside the network, ...
    (microsoft.public.access.adp.sqlserver)
  • ADO.net Orcas Samples Install Problem
    ... An error has occurred while establishing a connection to the server. ... When connecting to SQL Server 2005, this failure may be caused by the ... SqlInternalConnectionTds connHandler, Boolean ignoreSniOpenTimeout, ... or am I better off with a full SQL Server install. ...
    (microsoft.public.dotnet.framework.adonet)
  • Re: Exception trying to import data from Excel .
    ... An attempt to install Microsoft SQL Server 2005 this week has not gone ... The connection type "EXCEL" specified for connection manager ... to create a connection manager for an unknown connection type. ...
    (microsoft.public.sqlserver.tools)
  • Re: SQL Compact Edition - Connection Pool --> Slow!
    ... You might want to check out my EBook on SQL Server Compact. ... Hitchhiker's Guide to Visual Studio and SQL Server ... and Hitchhiker's Guide to SQL Server 2005 Compact Edition (EBook) ... mind (--> get a connection, use it and release it as soon as possible ...
    (microsoft.public.sqlserver.ce)