Re: Windows authentication to sql server 2000 question

Thanks a bunch Randy for your response. I appreciate it.

So do you think I'm setting things up "properly" or the appropriate way of
creating an .asp db app using windows authentication to sql server in that
the user would go to an inital say "index.asp" start page which needs valid
windows authentication credentials to access this and the sub folders which
then after successful access then the user would be able to execute the
other .asp pages that call to the db? Also, is the best way of ending this
application session and access to the db from windows authentication is for
the user to simply close their IE browser?

Thanks again Randy.

J

"Randy" <Randy@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:4D345118-8D84-4F0D-858D-D25CCD65D88C@xxxxxxxxxxxxxxxx
From an asp point of view it is better to only have a SQL Server
connection
only when you actually need to hit the database.
Having a connection open for the entire session wastes resources and I am
not positive, but I think could be an issue with licensing. But again not
100% sure on that.
Randy

"J" wrote:

Hello. I was wondering which method is the better security practice
since I
read that windows authentication is better than my preferred method of
sql
login authentication wrapped in https. I'm creating an .asp database
application using windows basic authentication wrapped in https to our
sql
server which is on a different domain. When the user goes to access the
..asp app's initial page the windows basic authentication popup displays
which upon the user successfully supplying valid credentials...

a) should I have an immediate database connection to the sql server
initiated that is open throughout their .asp application session?...
b) or should I not make any calls to the sql server until they need to
request data on those certain .asp pages?

I'm just wondering because I use the sql profiler to see activity and
failed
login attempts and if (b) is the better way to go and in doing this
method
sql profiler doesn't write failed login attempts to a db from the windows
authentication level.

Hope I wasn't confusing in asking my question.

J





.

Relevant Pages

  • Re: Using SQl to store aspx pages and memory problems
    ... I don't believe that SQL is my problem - the time it takes to do the remote ... of the fundamental differances between asp and asp.net. ... > time which is probably longer than any HTTP request. ... In a sense you are using SQL Server as a web ...
    (microsoft.public.dotnet.framework.aspnet)
  • .net 2.0 DataList security
    ... Being a classic .asp programmer I'm very fond of the idea of using the drag ... server to our database SQL Server 2000 server (which is on a different ... each user that accesses the data to our SQL Server database. ... I guess I'm not too clear on the back end things with this DataList control ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Login failed for ServerGuest
    ... SQL Server clients are authenticated as guests if Simple ... >| I have noticed that when I try to log in using Windows Authentication ... >|> You can enable the guest account but that's a security risk ...
    (microsoft.public.sqlserver.connect)
  • Re: integrated security over vpn
    ... SQL 2000 is using Windows Authentication, and I can access tables, Stored ... > Are you using Windows authentication with SQL Server or SQL Server ... > easy to do on a home machine scenario as I would expect the home machine ...
    (microsoft.public.dotnet.security)
  • Re: SQL Server Authentication
    ... I'm sorry to hear you are having some troubles with SQL authentication. ... can I would love to persuade you to use Windows authentication if at all ... > With VSTO using Visual Studio 2005, has anyone manage to use SQL Server ...
    (microsoft.public.vsnet.vstools.office)