Re: Access Sql server 2005 from .net class library

From: Erland Sommarskog <esquel@xxxxxxxxxxxxx>
Date: Wed, 11 Jul 2007 21:23:03 +0000 (UTC)

lankylad (lankylad@xxxxxxxxxxxxxxxxxxxxxxxxx) writes:

All the advice from Microsoft seems to be to avoid mixed authentication,
so I have been trying to use only Windows Authentication.

I was involved in a thread recently, where people with more experience than
me of ASP .Net appeared to say that SQL Authentication is the way to. See
http://groups.google.com/group/microsoft.public.dotnet.languages.csharp/browse_thread/thread/490bcd10eb414fff/9387d0c3d4840065?lnk=st&q=&rnum=1&hl=sv#9387d0c3d4840065

SQL authentication on SQL 2000 has a couple of problems. The password is
passed only lightly masked, and there is no protection against brute force
attacks. SQL 2005 on Win 2003 is better protected against the latter.
But you should not expose SQL Server on the Internet if possible.

--
Erland Sommarskog, SQL Server MVP, esquel@xxxxxxxxxxxxx

Books Online for SQL Server 2005 at
http://www.microsoft.com/technet/prodtechnol/sql/2005/downloads/books.mspx
Books Online for SQL Server 2000 at
http://www.microsoft.com/sql/prodinfo/previousversions/books.mspx
.

References:
- Re: Access Sql server 2005 from .net class library
  - From: Roman Rehak
- Re: Access Sql server 2005 from .net class library
  - From: bass_player [SBS-MVP]
- Re: Access Sql server 2005 from .net class library
  - From: Erland Sommarskog
- Re: Access Sql server 2005 from .net class library
  - From: Erland Sommarskog

Prev by Date: Re: How can I see what permissions "VIEW SERVER STATE" has?
Next by Date: Re: Assign permissions to allow updates but deny select on table
Previous by thread: Re: Access Sql server 2005 from .net class library
Next by thread: Re: DB Role and DBO
Index(es):
- Date
- Thread

Relevant Pages

Re: Windows Authentication in asp.net 2005 to SQL Server?
... If the domains do not trust each other, Windows authentication is not going ... Basic authentication sometimes makes the need for Kerberos delegation go ... generic account to do the backend data stuff on our SQL Server. ...
(microsoft.public.dotnet.framework.aspnet.security)
Re: I dont want to re-invent the Login/Login Wheel - Help with utilities
... Yes, if you use .NET1.1, there isn't built-in login control, and more importanltly there isn't ready-to-use membership component to use. ... the membership provider uses SQL Server or SQL Server Express. ... We feel that having the capability to force password change would be a better benefit in securing our application and data access. ... Both Windows authentication and authorization wolud be be fine if we wanted the world to have access to our application data, but not very intuitive for maintaining integrity over our data. ...
(microsoft.public.vstudio.general)
RE: IIS (ASP) -> SQLServer Authentication Issue
... I understand that you'd like to use IIS Intergration authentication in the ... and ASP "impersonates" authencitaed users to access SQL Server on ... only kerberos authentication allows double-hops from clients ...
(microsoft.public.sqlserver.security)
Re: SBS Premium Edition .. what way is SQL licenced
... Another thing to note in using your SQL Server as a backend database is the ... concept of Forms-based authentication and Integrated Windows authentication. ... thereby requiring individual CALs to access SQL Server. ... Chad A. Gross - SBS MVP ...
(microsoft.public.windows.server.sbs)
Unable to Serialize.
... I have a remote Sql Server Instance locally. ... Unable to serialize the session state. ... session state store in 'Custom' mode. ... This section sets the authentication policies of the ...
(microsoft.public.dotnet.framework.aspnet)