Windows authentication to sql server 2000 question
- From: "J" <IDontLikeSpam@xxxxxxxxxxx>
- Date: Thu, 18 May 2006 11:20:11 -0700
Hello. I was wondering which method is the better security practice since I
read that windows authentication is better than my preferred method of sql
login authentication wrapped in https. I'm creating an .asp database
application using windows basic authentication wrapped in https to our sql
server which is on a different domain. When the user goes to access the
..asp app's initial page the windows basic authentication popup displays
which upon the user successfully supplying valid credentials...
a) should I have an immediate database connection to the sql server
initiated that is open throughout their .asp application session?...
b) or should I not make any calls to the sql server until they need to
request data on those certain .asp pages?
I'm just wondering because I use the sql profiler to see activity and failed
login attempts and if (b) is the better way to go and in doing this method
sql profiler doesn't write failed login attempts to a db from the windows
authentication level.
Hope I wasn't confusing in asking my question.
J
.
- Prev by Date: Restrict Key to SA only in SQL 2005
- Next by Date: Re: Encrypting data in SQL 2005
- Previous by thread: Restrict Key to SA only in SQL 2005
- Next by thread: Re: Windows authentication to sql server 2000 question
- Index(es):
Relevant Pages
|
|
