Re: Why Windows Authentication?

From: Jason Mauss (jason.mauss_at_nospamgmail.com)
Date: 03/30/05

    Date: Wed, 30 Mar 2005 10:54:13 -0800
    
    

    Ok, now I'm starting to see some more advantages...

    I assume the most secure and manageable way to implement user name/password
    for a web application would be to use an application role and create a
    certain Windows user account for your web application then. Am I right?

    "Jacco Schalkwijk" <jacco.please.reply@to.newsgroups.mvps.org.invalid> wrote
    in message news:OLF60hUNFHA.2356@TK2MSFTNGP14.phx.gbl...
    > User has to fill in another login screen.
    >
    > --
    > Jacco Schalkwijk
    > SQL Server MVP
    >
    >
    > "Tibor Karaszi" <tibor_please.no.email_karaszi@hotmail.nomail.com> wrote in
    > message news:ekYzQOUNFHA.2748@TK2MSFTNGP09.phx.gbl...
    > > Other disadvantages with SQL Server logins:
    > >
    > > Yet another password to remember, write down, waiting to be stolen
    > > No enforcement to change password after x number of days
    > > No rules for password complexity
    > >
    > >
    > > --
    > > Tibor Karaszi, SQL Server MVP
    > > http://www.karaszi.com/sqlserver/default.asp
    > > http://www.solidqualitylearning.com/
    > > http://www.sqlug.se/
    > >
    > >
    > > "Jason Mauss" <jason.mauss@nospamgmail.com> wrote in message
    > > news:e4YWPCUNFHA.3760@TK2MSFTNGP12.phx.gbl...
    > >> So the only reason I've heard of so far is that the password encryption is
    > >> less secure than Windows. That can't be the only reason...?
    > >>
    > >> Jason
    > >>
    > >> "Jacco Schalkwijk" <jacco.please.reply@to.newsgroups.mvps.org.invalid> wrote
    > >> in message news:OQDNVZKNFHA.1436@TK2MSFTNGP10.phx.gbl...
    > >>> The credentials when using SQL Server authentication are not passed as clear
    > >>> text, but the encryption is not very strong either. If you capture the
    > >>> password in encrypted form, it is possible to decrypt it without additional
    > >>> information (like a private key).
    > >>>
    > >>> --
    > >>> Jacco Schalkwijk
    > >>> SQL Server MVP
    > >>>
    > >>>
    > >>> "pdxJaxon" <GregoryAJackson@Hotmail.com> wrote in message
    > >>> news:%234$wwPKNFHA.1948@TK2MSFTNGP14.phx.gbl...
    > >>> > lots of reasons.
    > >>> >
    > >>> > One of the main things is that SQL credentials are passed clear text.
    > >>> >
    > >>> > yes you can use groups\roles etc
    > >>> >
    > >>> >
    > >>> > Greg Jackson
    > >>> > PDX, Oregon
    > >>> >
    > >>>
    > >>>
    > >>
    > >>
    > >
    > >
    >
    >

