Re: SQL Logins vs Windows Authentication




"Erland Sommarskog" <esquel@xxxxxxxxxxxxx> wrote in message
news:Xns99B0F21ECD50AYazorman@xxxxxxxxxxxx
Richard Mueller [MVP] (rlmueller-nospam@xxxxxxxxxxxxxxxxxxxx) writes:
I have a VB6 app that uses an SQL Server database. The application uses
Windows Authentication to connect to the database. Permissions in the
database are granted to a domain group. I am considering having the
application hosted. The hosting company says they are configured for SQL
authentication and cannot allow Windows Authentication for security
reasons. They use SQL Server 2005 (cluster). This puzzles me. The users
running my app will have Active Directory accounts in the hosting
company's domain. What security reasons could there be? I hesitate to
code SQL Login names and passwords in my application.

Not that I have much experience with hosting scenarios, but I would
expect a company that hosts SQL Server to provide SQL authentication
only, for the simple reason that they would accept to add external users
to their own domain. You say that this is actually happening, but I guess
the hosting company has several domains. I mean, your customers will not
be in the same domain as the hosting company's own domain, but they will
create a specific domain for your customers, and that only your customers
can access. If the SQL Server instance is not in that domain, we are
back in the situation where SQL authentication will be required.

How would your customers log into the domain at the hosting company?


--
Erland Sommarskog, SQL Server MVP, esquel@xxxxxxxxxxxxx

Books Online for SQL Server 2005 at
http://www.microsoft.com/technet/prodtechnol/sql/2005/downloads/books.mspx
Books Online for SQL Server 2000 at
http://www.microsoft.com/sql/prodinfo/previousversions/books.mspx

I assume it would not be the domain the hosting company uses for their
normal business, but a domain they created for the hosted customers. I don't
know how the customers will make the connection, but they will log in to the
Active Directory domain. They will use one of several application servers
where they would launch several applications, including mine. I assume the
SQL Server is in the same domain. It seems to me if SQL Logins are used,
either all customers use the same SQL credentials, or I read the credentials
from text files. Why have passwords in that case?

Is there a security issue I am unaware of that would make SQL authentication
a better choice than Windows Authentication?

Richard

