SQL Security in ASP

From: CJM (cjmwork@yahoo.co.uk)
Date: 09/16/02

• Next message: Jeffrey L. Woods: "SQL7 Column-level constraints/filters possible?"
• Previous message: CJM: "SQL Security in ASP Applications"
• Next in thread: Tom Kaminski [MVP]: "Re: SQL Security in ASP"
• Reply: Tom Kaminski [MVP]: "Re: SQL Security in ASP"
• Reply: Refd0m: "Re: SQL Security in ASP"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: "CJM" <cjmwork@yahoo.co.uk>
Date: Mon, 16 Sep 2002 17:50:22 +0100

I am developing the the first of several intranet applications that access
SQL 2000 through ASP. This is my first time doing this; previously I've
always used Access97/2k.

I'm am trying to settle on a security model, that is effective, but is quick
and not cumbersome. Following on from my Access work, I realise I could use
the same technicque: have users login in to the site and restrict access to
the DB by restricting users access to certain ASPs and by checking the user
credentials on a page by page basis.... basically, keeping unauthorised
users away from particular application functions.

This has always worked well for me, and would be fine in this scenario.
However, since I am creating the first of many, and since SQL has fairly
sophisticated security features (to the layman) built-in, I though now would
be a suitable time to change to a new regime.

So...... do I stick with what I have got, or are there some neat features in
SQL that can help me do a better job?

To re-iterate, I think I'm more interested in function-level security that
field-level security, so solutions that go down to the nth degree wont be
appropriate.

Cheers

CJM

---

• Next message: Jeffrey L. Woods: "SQL7 Column-level constraints/filters possible?"
• Previous message: CJM: "SQL Security in ASP Applications"
• Next in thread: Tom Kaminski [MVP]: "Re: SQL Security in ASP"
• Reply: Tom Kaminski [MVP]: "Re: SQL Security in ASP"
• Reply: Refd0m: "Re: SQL Security in ASP"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: rules to allow user to only be on a table for a week ... Access has very good built-in security. ... Just new to access and asp and would like to know if an idea I have would ... The first time a user acesses the account, ... (microsoft.public.access.tablesdbdesign) RE: ASP Security ... Security issues regarding .asp codes is only a small part of a security ... what you are looking for is articles about "sql injection" ... (Vuln-Dev) SQL Security in ASP Applications ... SQL 2000 through ASP. ... This is my first time doing this; ... I'm am trying to settle on a security model, that is effective, but is quick ... (microsoft.public.sqlserver.security) Re: SQL Security in ASP ... > SQL 2000 through ASP. ... This is my first time doing this; ... > I'm am trying to settle on a security model, that is effective, but is ... (microsoft.public.sqlserver.security) RE: SQL Slammer doing the rounds again? ... SQL Slammer doing the rounds again? ... "I used to hate writing assignments, ... > Security Business Unit ... > at the largest, most highly-anticipated industry ... (Incidents)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(14)