Re: SQL Logins vs Windows Authentication

---

• From: Ekrem Önsoy <ekrem@xxxxxxxxxxxx>
• Date: Wed, 19 Sep 2007 22:33:23 +0300

---

Microsoft recommends using Windows Authentication for security purposes as you avoid using SQL Server Logins because then it would be easier to capture these login info and infiltrate into your SQL Server system.

I do not know if you have permission to administer the domain (which is on the hosting company's servers) from your remote machine, however this could be their concerning.

Why don't you ask them directly about their worries?

--
Ekrem Önsoy



"Richard Mueller [MVP]" <rlmueller-nospam@xxxxxxxxxxxxxxxxxxxx> wrote in message news:e8lYkYu%23HHA.5160@xxxxxxxxxxxxxxxxxxxxxxx

>I have a VB6 app that uses an SQL Server database. The application uses >Windows Authentication to connect to the database. Permissions in the >database are granted to a domain group. I am considering having the >application hosted. The hosting company says they are configured for SQL >authentication and cannot allow Windows Authentication for security >reasons. They use SQL Server 2005 (cluster). This puzzles me. The users >running my app will have Active Directory accounts in the hosting >company's domain. What security reasons could there be? I hesitate to >code SQL Login names and passwords in my application.

--
Richard Mueller
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net
--

To clarify, several customers will use the hosted application and each will have their own database with confidential information. The plan is to determine the customer from the AD account parent container and group membership, so the app connects to the correct database. Each customer will have several users.

Richard

.

---

• References:
  • SQL Logins vs Windows Authentication
    • From: Richard Mueller [MVP]
  • Re: SQL Logins vs Windows Authentication
    • From: Richard Mueller [MVP]

• Prev by Date: Re: SQL Logins vs Windows Authentication
• Next by Date: Re: SQL Logins vs Windows Authentication
• Previous by thread: Re: SQL Logins vs Windows Authentication
• Next by thread: Re: SQL Logins vs Windows Authentication
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Credentials not being passed with remote access ... allowed windows authentication to work, ... I had assumed johnx was a domain user rather than a local Windows account. ... johnx was set up as a local login on sql server. ... (microsoft.public.sqlserver.security) Re: Database security design with ASP.net and form-based authentication ... This allows SQL Server to control security from both ... database security context to enable when a user belongs to multiple roles ... the single login approach is best in your situation since you don't ... (microsoft.public.sqlserver.security) Re: Unexpected Login Screen When Accessing SQL Data Via .NET Intra ... >> data and the SQL Server is on the same server. ... >> My problem is that one user has started getting a login popup ... >> right in via Windows Authentication like everyone else and like they ... (microsoft.public.sqlserver.connect) Re: Unexpected Login Screen When Accessing SQL Data Via .NET Intranet ... >> data and the SQL Server is on the same server. ... >> My problem is that one user has started getting a login popup ... >> right in via Windows Authentication like everyone else and like they ... (microsoft.public.sqlserver.connect) Re: Security Implementation??? ... > MSDE, ... > In users node in the db node, only dbo with no login name exists. ... Make the security machine independent, ... running the SQL Server Agent (especially if you are running MSDE sp4 as ... (microsoft.public.sqlserver.security)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.sqlserver.security  > 2007-09