Re: Users , Web Application and SQL Server back end - Beginner Questio

From: "Uri Dimant" <urid@xxxxxxxxxxx>
Date: Tue, 14 Aug 2007 10:55:20 +0300

Natasha

Create table Users (userid int not null primary key, user_name varchar(50)
not null,usertypeid int referenced usertypes(usertypeid))
Create table UserTypes (usertypeid int not null primary key, typename
varchar(20))

About stroring the pasword . In SQL Server 2005 you can encrypt, please read
the article
http://blogs.msdn.com/lcris/---Enscrypt

NOTICE: Always use stored procedure or parameterized query to indetify the
users in order to avoid SQL Injection

Also good info are here
http://blogs.msdn.com/yukondoit/articles/480854.aspx -Security

BTW , do you speak russian?:-))

"Natasha" <Natasha@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:CA28D7FC-6C09-4D6B-92AA-E393C204C3E2@xxxxxxxxxxxxxxxx

Hello

I have developed a java based Web application that is using SQL Server
2005
as its back-end. Below is the sample case of using the system:

Many users access the site and the site gives them ability to register.
There are two types of users , admins and users. Both types can read or
change data, admin just has access to some extra tables.

What I have currently implemented is as follows:
Table users:
user-id user-type password
a1 admin s1
b1 user s2
etc

When JDBC tries to connect to SQL Server , it uses a single user name and
password (user : user1 and password:pass1) which has access to database
and
read and write permission.

The individual access level of Web users is handled through code , if they
are admin then more Web pages are shown to them.

As I am new to SQL Server , I deeply appreciate your recommendation about
this design choice I have made; I also appreciate any reading material.

If this is not the correct newsgroup, kindly let me know.

Best
Natasha

Follow-Ups:
- Re: Users , Web Application and SQL Server back end - Beginner Que
  - From: Natasha

Prev by Date: Re: Credentials not being passed with remote access
Next by Date: Re: SQL DB with legacy Access Frontend - How do we stop people getting in through the backdoor?
Previous by thread: Re: sa password lost
Next by thread: Re: Users , Web Application and SQL Server back end - Beginner Que
Index(es):
- Date
- Thread

Relevant Pages

Re: Users , Web Application and SQL Server back end - Beginner Que
... Create table Users (userid int not null primary key, ... I have developed a java based Web application that is using SQL Server ... admin just has access to some extra tables. ...
(microsoft.public.sqlserver.security)
Re: Getting the value that was generated using the IDENTITY property
... SQL Server MVP ... as to how I get the primary key for a record/row that I just inserted. ... > id_num int IDENTITY, ... But when I create the data layer in the application ...
(microsoft.public.sqlserver.programming)
Re: surely, theres got to be a better way
... Columnist, SQL Server Professional ... And he would redo my query without it. ... TABLE_A_id INT ... description NVARCHARTABLE_A.id and TABLE_A.date for the primary key in TABLE_A while TABLE_A_id and TABLE_A_date are foreign keys into TABLE_A Basically, I want a query that will give me everything from TABLE_A if it is NOT in TABLE_B what I came up with was: select id, date, name from TABLE_A where ) ...
(microsoft.public.sqlserver.programming)
Re: Getting the value that was generated using the IDENTITY property
... If you have SQL Server 2000, ... as to how I get the primary key for a record/row that I just inserted. ... > id_num int IDENTITY, ... But when I create the data layer in the application ...
(microsoft.public.sqlserver.programming)
Re: WHERE clause applies to right-hand table of LEFT JOIN
... it's always best to specify INNER JOIN ... T1_PK int NOT NULL ... CONSTRAINT FK_T2_T1 FOREIGN KEY ... The SQL Server cost-based optimizer is very good at generating efficient ...
(microsoft.public.sqlserver.server)