| From | Erland Sommarskog <esquel@sommarskog.se> |
|---|---|
| Newsgroups | comp.databases.ms-sqlserver |
| Subject | Re: any advice for a login system? |
| Date | 2012-04-21 00:29 +0200 |
| Organization | Erland Sommarskog |
| Message-ID | <XnsA03C50F5A47FYazorman@127.0.0.1> |
| References | <308606c1-1dbd-4def-87d8-72931bf21ead@n5g2000vbf.googlegroups.com> <XnsA03AE8ACA62FCYazorman@127.0.0.1> <e71b7df2-a7b2-4536-8165-78f4cf3ccbbd@l18g2000vbx.googlegroups.com> |
Ender Karadağ (enkaradag@gmail.com) writes:
> our application is a two tier application between fat clients and a
> completely dummy database server (what i mean is; all calculations and
> requirements are done on client machine, server just saves the given
> data and queries it) but i want to redesign all the application and
> database with the best approach (with a "+1" tier maybe).

I guess the reason for this complicated arrangement is that you don't want users to access the database directly from outside the application. This is not really achievable with a two-tier application. Anything the application can do, the user can do outside the application. You can employ various tricks, but it's only security by obscurity. It may be enough to keep the users who are too smart for their own good out, but not enough to keep the dedicated malicious user out.

The best you can do, save re-architecturing the application, is to put it on a terminal server, and set up the terminal server so that when users log in they directly come to the application, and so that they cannot leave the application. Then you can do one of two things:

1) Application uses a proxy login, and users have no logins of their own.

2) Application logs in each user with their own login, but the network is set up so that users cannot reach SQL Server from their own machines.

> for the login structure, would it be possible to change the sqlserver
> user, without dropping the session?

There are application roles that were introduced to address this situation, but again, on a two-tier application, they are not safe, because the user can always retrieve the password on his own.

As for your endeavour to move the business logic from the application to the database, this is definitely a correct step to take, but it will certainly take some time to realise.
--
Erland Sommarskog, SQL Server MVP, esquel@sommarskog.se

Links for SQL Server Books Online:
SQL 2008: http://msdn.microsoft.com/en-us/sqlserver/cc514207.aspx
SQL 2005: http://msdn.microsoft.com/en-us/sqlserver/bb895970.aspx
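The application-role approach Erland mentions, as an added T-SQL example that is not part of the original post: the role owns the permissions, the user's own database user owns none, and the client activates the role with sp_setapprole in the session it already has. Database, role, table and login names are placeholders.

```sql
-- Constructed example. Placeholder names: AppDb, OrderEntry, dbo.Orders,
-- DOMAIN\alice. Replace the password placeholder before use.
USE AppDb;
GO

CREATE TABLE dbo.Orders (
    OrderId   int IDENTITY PRIMARY KEY,
    Customer  nvarchar(100) NOT NULL,
    Amount    decimal(10, 2) NOT NULL
);
GO

-- The application role carries the privileges on the data.
CREATE APPLICATION ROLE OrderEntry
    WITH PASSWORD = N'<placeholder-strong-password>', DEFAULT_SCHEMA = dbo;
GO
GRANT SELECT, INSERT, UPDATE ON dbo.Orders TO OrderEntry;
GO

-- A database user for each real login, with no object permissions of its own.
-- Connecting as alice and running SELECT on dbo.Orders directly fails.
CREATE USER [DOMAIN\alice] FOR LOGIN [DOMAIN\alice];
GO

-- What the client does at runtime in alice's existing session: the session
-- keeps its connection, but now acts with OrderEntry's permissions.
DECLARE @cookie varbinary(8000);
EXEC sys.sp_setapprole
    @rolename      = 'OrderEntry',
    @password      = N'<placeholder-strong-password>',
    @fCreateCookie = 1,
    @cookie        = @cookie OUTPUT;

SELECT USER_NAME();                     -- reports OrderEntry while the role is active
INSERT INTO dbo.Orders (Customer, Amount) VALUES (N'Contoso', 120.50);

-- Revert to alice's own context; without the cookie the session would have
-- to be closed to leave the role.
EXEC sys.sp_unsetapprole @cookie;
SELECT USER_NAME();                     -- back to DOMAIN\alice

-- Caveat matching the post: in a two-tier (fat client) design the role
-- password must be present on the client, so a determined user can recover
-- it and activate the role outside the application. The role limits what
-- an honest user's own login can do; it is not a boundary against the
-- user who holds the client.
```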