Re: Auditing changes...By developers




Thanks, Brian!

I've actually made this recommendation in my "Most Secure" plan...It
will just take some time to get the code changes in place. (Currently,
the application reads the credentials from a two-way encrypted file
using TripleDES). I like the idea of a protected connection
string...Perhaps a compiled .dll in the hands of the DBA (myself)?

These are good recommendations...I appreciate it! If you have any
more thoughts, I would love to hear them.

-Joseph


If it's an ASP.Net application, take a look at aspnet_setreg.exe. More here:

http://support.microsoft.com/kb/329290

Our implementation folks use this for our ASP.NET applications so that the connection string can be stored encrypted in the registry.

K. Brian Kelley, brian underscore kelley at sqlpass dot org
http://www.truthsolutions.com/

