Securing a web DB
From: Murali (diffs@vsnl.com)
Date: 11/29/02
- Next message: Kim: "Local system permissions"
- Previous message: Ricky Artigas: "Deleting BUILTIN\Administrators"
- Next in thread: Kresimir Radosevic: "Re: Securing a web DB"
- Reply: Kresimir Radosevic: "Re: Securing a web DB"
- Reply: Mary Chipman: "Re: Securing a web DB"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Murali" <diffs@vsnl.com> Date: Fri, 29 Nov 2002 12:48:16 +0530
Hi,
We are putting up a ASP.NET based web site using SQL Server database.
Users of the web site get to see confidential data. All of them have to
login to look at data.
Eventually the site will be SSLed to protect it from password hacking.
The way the s/w is designed currently is to read the connection string (db
name, uid, password) from an XML file and establish connection to the DB.
We are planning to host the site with as ISP.
One of the requirements is that the ISP should not be able to "easily"
access the SQL database.
Firstly, we are planning to use SQL server authentication (and not Win 2K
integrated login) for the database.
We want to ensure that the Web host administrator does not read XML file and
get to know the SQL server password.
One suggestion is to encrypt the password (or connect string) and store this
in XML.
What do others do in these situations ? Any ideas / URLs are welcome
Murali
-- Differentiated Software Solutions Pvt. Ltd., 90, 3rd Cross,2nd Main, Ganga Nagar, Bangalore - 560 032 Phone : 91 80 3631445, 3431470 Visit us at www.diffsoft.com
- Next message: Kim: "Local system permissions"
- Previous message: Ricky Artigas: "Deleting BUILTIN\Administrators"
- Next in thread: Kresimir Radosevic: "Re: Securing a web DB"
- Reply: Kresimir Radosevic: "Re: Securing a web DB"
- Reply: Mary Chipman: "Re: Securing a web DB"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
