Re: Application Security based on SQL Security
- From: Pure Heart <PureHeart@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 3 Jul 2008 03:57:00 -0700
yes im aware about that but if i check the error type and re fom the message
and show a customised message it would be fine with less complxity in coding
:))))
--
Ammar S. Mitoori
IT Head QIMCO Co.
Tel : +9744831199
Mobile : +9745378400
Fax : +9744831643
"Uri Dimant" wrote:
Pure.
Sometimes SQL Server throws not elegant messages to understand by the
end -users :-))))
"Pure Heart" <PureHeart@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:9546634A-BBED-44E6-9F50-B960E0EC9C90@xxxxxxxxxxxxxxxx
hi
thanks for the replay, but i have another idea, instead of checking for
pemission why dont i let him connect and try to update then he will get an
error message from sql server directly without making my code more complex
?
--
Ammar S. Mitoori
IT Head QIMCO Co.
Tel : +9744831199
Mobile : +9745378400
Fax : +9744831643
"Uri Dimant" wrote:
Well , then you will have to build a logic in the second tier of
application
(where you keep the pass) to check it againts SQL Server and return the
message
This example determines whether the current user can grant the INSERT
permission on the authors table to another user.
IF PERMISSIONS(OBJECT_ID('authors'))&0x80000=0x80000
PRINT 'INSERT on authors is grantable.'
ELSE
PRINT 'You may not GRANT INSERT permissions on authors.'
"Pure Heart" <PureHeart@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:35FC0D5D-65AB-41F3-A5DB-DC79E84EA1E7@xxxxxxxxxxxxxxxx
hi
thanks for the replay but its away from my question i was asking about
security implemented in a .NET application
--
Ammar S. Mitoori
IT Head QIMCO Co.
Tel : +9744831199
Mobile : +9745378400
Fax : +9744831643
"Uri Dimant" wrote:
Pure
tp://vyaskn.tripod.com/sql_server_security_best_practices.htm --------security
best practices
"Pure Heart" <PureHeart@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:5CE06A84-A5AE-48A1-BAA4-47B844FC2C29@xxxxxxxxxxxxxxxx
Hi
i was wondering instead of implementing my own security schema
inside
my
application code is it recommended to depend on SQL Security so a
user
will
connect with user name and password and if he dont have a permission
on
SQL
to delete or update he will egt an message i feel its more simple
what
you
think ?
thank you
--
Ammar S. Mitoori
IT Head QIMCO Co.
Tel : +9744831199
Mobile : +9745378400
Fax : +9744831643
- Follow-Ups:
- Re: Application Security based on SQL Security
- From: Pure Heart
- Re: Application Security based on SQL Security
- References:
- Re: Application Security based on SQL Security
- From: Uri Dimant
- Re: Application Security based on SQL Security
- From: Pure Heart
- Re: Application Security based on SQL Security
- From: Uri Dimant
- Re: Application Security based on SQL Security
- From: Pure Heart
- Re: Application Security based on SQL Security
- From: Uri Dimant
- Re: Application Security based on SQL Security
- Prev by Date: Re: Application Security based on SQL Security
- Next by Date: Re: Windows authentication still prompts for database login
- Previous by thread: Re: Application Security based on SQL Security
- Next by thread: Re: Application Security based on SQL Security
- Index(es):
Relevant Pages
|
