Path: csiph.com!usenet.pasdenom.info!gegeweb.org!eternal-september.org!feeder.eternal-september.org!mx04.eternal-september.org!.POSTED!not-for-mail From: Erland Sommarskog Newsgroups: comp.databases.ms-sqlserver Subject: Re: any advice for a login system? Date: Thu, 19 Apr 2012 22:52:22 +0200 Organization: Erland Sommarskog Lines: 26 Message-ID: References: <308606c1-1dbd-4def-87d8-72931bf21ead@n5g2000vbf.googlegroups.com> Mime-Version: 1.0 Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 8bit Injection-Info: mx04.eternal-september.org; posting-host="nBFDv6s1VJQDuF1w6hpX2A"; logging-data="19040"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1+fn5Wxi1tyg0QxLwLQc4EA" User-Agent: Xnews/2006.08.24 Mime-proxy/2.1.c.0 (Win32) Cancel-Lock: sha1:drPQDibefpbrATQC9R3DmUg+Ke4= Xref: csiph.com comp.databases.ms-sqlserver:994 Ender Karada? (enkaradag@gmail.com) writes: > i created a "dbo.user_login(username, password)" function. and created > two users "admin" and "loginguest" in sqlserver. "admin" user can see > and do all jobs in sqlserver. but "loginguest" cannot see tables, > views, procedures etc. "loginguest" can just call "dbo.user_login" > function (even cannot redesign the > function) if username and password information provided is accepted by > the function (matching a user in the "appusers" table) it returns > admin user password and some user information to the caller. > > shortly, application will open a session with loginguest, get password > for admin, close session and the real user will login into sqlserver > with admin user. Is this a two-tier or three-tier application? That is, is there a middle- tier running on a separate server, or are users connecting directly from their workstations? -- Erland Sommarskog, SQL Server MVP, esquel@sommarskog.se Links for SQL Server Books Online: SQL 2008: http://msdn.microsoft.com/en-us/sqlserver/cc514207.aspx SQL 2005: http://msdn.microsoft.com/en-us/sqlserver/bb895970.aspx