Re: ASP.NET, Win2k, SQL 2k on an intranet (w/Kerberos?)

From: Tom Kaminski [MVP] ((A_at_T))
Date: 05/22/03


Date: Thu, 22 May 2003 14:07:54 -0400


"Mike Lerch" <mlerchNOSPAMTHANKS@nycap.rr.com> wrote in message
news:sp0qcv85qt9i7n5o2sd9otj9jj6d1ija4j@4ax.com...
> Also a more general question: are there inherent security risks in
> using kerberos/delegation?

I can't answer that - but in an intranet environment I never understood the
point of the extra layer of security of authenticating the users to the DB.
Write your web app such that users must authenticate to IIS and only have
access to the appropriate DB functionality. Just give your devs and admins
access to the database, plus a dummy "service" type account to be used in
the web app connection string. This is much easier to manage.

-- 
Tom Kaminski IIS MVP
http://www.iistoolshed.com/ - tools, scripts, and utilities for running IIS
http://mvp.support.microsoft.com/
http://www.microsoft.com/windowsserver2003/community/centers/iis/
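
One way to set up the single "service" account arrangement described in the reply above, as an added example that is not part of the original post. It goes one step beyond the post by limiting that account to stored procedures; the database, login, table and procedure names are hypothetical, and the password is a placeholder.

```sql
-- Added example. AppDb, webapp_svc, dbo.Orders and dbo.usp_GetOrdersForUser
-- are hypothetical names; the password below is a placeholder.
USE AppDb
GO

-- 1. The one account the web application's connection string uses.
--    End users never get a SQL Server login of their own.
EXEC sp_addlogin
     @loginame = 'webapp_svc',
     @passwd   = '<REPLACE-WITH-GENERATED-SECRET>',
     @defdb    = 'AppDb'
EXEC sp_grantdbaccess @loginame = 'webapp_svc'
GO

-- 2. Sample table. OwnerName holds the DOMAIN\user name that IIS
--    authenticated, so rows can still be tied to a person.
CREATE TABLE dbo.Orders (
    OrderId   int IDENTITY(1,1) PRIMARY KEY,
    OwnerName nvarchar(128) NOT NULL,
    Item      nvarchar(200) NOT NULL
)
GO

-- 3. The only "DB functionality" exposed to the web app. The caller's
--    identity arrives as a parameter because the connection itself is
--    always webapp_svc.
CREATE PROCEDURE dbo.usp_GetOrdersForUser
    @CallerName nvarchar(128)
AS
    SET NOCOUNT ON
    SELECT OrderId, Item
    FROM   dbo.Orders
    WHERE  OwnerName = @CallerName
GO

-- 4. Least privilege: the account may run the procedure but cannot touch
--    the table directly. The procedure still works because both objects
--    are owned by dbo (ownership chaining skips the table permission check).
GRANT EXECUTE ON dbo.usp_GetOrdersForUser TO webapp_svc
DENY  SELECT, INSERT, UPDATE, DELETE ON dbo.Orders TO webapp_svc
GO
```

With this layout SQL Server only ever sees `webapp_svc`, so per-user auditing depends on the application passing the IIS-authenticated name to each procedure.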
