Re: Securing a web DB
From: Mary Chipman (mchip@nomail.please)
Date: 11/30/02
- In reply to: Murali: "Securing a web DB"
From: Mary Chipman <mchip@nomail.please> Date: Sat, 30 Nov 2002 12:16:05 -0500
Microsoft has just published a new best practices whitepaper on
ASP.NET security that you'll want to take a look at.
http://www.microsoft.com/downloads/release.asp?ReleaseID=44047
-- Mary
MCW Technologies
http://www.mcwtech.com
On Fri, 29 Nov 2002 12:48:16 +0530, "Murali" <diffs@vsnl.com> wrote:
>Hi,
>
>We are putting up an ASP.NET based web site using SQL Server database.
>
>Users of the web site get to see confidential data. All of them have to
>log in to look at data.
>Eventually the site will be SSLed to protect it from password hacking.
>
>The way the s/w is designed currently is to read the connection string (db
>name, uid, password) from an XML file and establish connection to the DB.
>
>We are planning to host the site with an ISP.
>One of the requirements is that the ISP should not be able to "easily"
>access the SQL database.
>Firstly, we are planning to use SQL server authentication (and not Win 2K
>integrated login) for the database.
>We want to ensure that the Web host administrator does not read the XML file and
>get to know the SQL server password.
>One suggestion is to encrypt the password (or connect string) and store this
>in XML.
>
>What do others do in these situations? Any ideas / URLs are welcome.
>
>Murali