Re: Application Security based on SQL Security




yes im aware about that but if i check the error type and re fom the message
and show a customised message it would be fine with less complxity in coding
:))))
--
Ammar S. Mitoori
IT Head QIMCO Co.
Tel : +9744831199
Mobile : +9745378400
Fax : +9744831643


"Uri Dimant" wrote:

Pure
Sometimes SQL Server throws not elegant messages to understand by the
end -users :-))))



"Pure Heart" <PureHeart@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:9546634A-BBED-44E6-9F50-B960E0EC9C90@xxxxxxxxxxxxxxxx
hi

thanks for the replay, but i have another idea, instead of checking for
pemission why dont i let him connect and try to update then he will get an
error message from sql server directly without making my code more complex
?
--
Ammar S. Mitoori
IT Head QIMCO Co.
Tel : +9744831199
Mobile : +9745378400
Fax : +9744831643


"Uri Dimant" wrote:

Well , then you will have to build a logic in the second tier of
application
(where you keep the pass) to check it againts SQL Server and return the
message
This example determines whether the current user can grant the INSERT
permission on the authors table to another user.

IF PERMISSIONS(OBJECT_ID('authors'))&0x80000=0x80000
PRINT 'INSERT on authors is grantable.'
ELSE
PRINT 'You may not GRANT INSERT permissions on authors.'



"Pure Heart" <PureHeart@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:35FC0D5D-65AB-41F3-A5DB-DC79E84EA1E7@xxxxxxxxxxxxxxxx
hi

thanks for the replay but its away from my question i was asking about
security implemented in a .NET application
--
Ammar S. Mitoori
IT Head QIMCO Co.
Tel : +9744831199
Mobile : +9745378400
Fax : +9744831643


"Uri Dimant" wrote:

Pure


tp://vyaskn.tripod.com/sql_server_security_best_practices.htm --------security
best practices









"Pure Heart" <PureHeart@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:5CE06A84-A5AE-48A1-BAA4-47B844FC2C29@xxxxxxxxxxxxxxxx

Hi

i was wondering instead of implementing my own security schema
inside
my
application code is it recommended to depend on SQL Security so a
user
will
connect with user name and password and if he dont have a permission
on
SQL
to delete or update he will egt an message i feel its more simple
what
you
think ?

thank you
--
Ammar S. Mitoori
IT Head QIMCO Co.
Tel : +9744831199
Mobile : +9745378400
Fax : +9744831643









.



Relevant Pages

  • Re: Application Security based on SQL Security
    ... Ammar S. Mitoori ... IT Head QIMCO Co. ... Mobile: +9745378400 ...
    (microsoft.public.sqlserver.security)
  • Re: Importing data from excel
    ... Ammar S. Mitoori ... IT Head QIMCO Co. ... Mobile: +9745378400 ...
    (microsoft.public.sqlserver.tools)
  • Re: auditing users
    ... Ammar S. Mitoori ... IT Head QIMCO Co. ... Mobile: +9745378400 ... My intend was to get a version of SQL Server from you in order to help ...
    (microsoft.public.sqlserver.security)
  • Re: Importing data from excel
    ... SQL Server MVP ... Ammar S. Mitoori ... IT Head QIMCO Co. ... Mobile: +9745378400 ...
    (microsoft.public.sqlserver.tools)
  • Re: auditing users
    ... Ammar S. Mitoori ... IT Head QIMCO Co. ... Mobile: +9745378400 ...
    (microsoft.public.sqlserver.security)