Thursday, February 9, 2012

A few database issues

A few questions:

1. What is better security wise: sql authentication or windows authentication?

2. If I use windows authentication, which account is normally used for access? and how do I set this in the database as well as the web.config?
(I test locally, but when I place the live site at my hosting provider I want to make sure that the windows account I used for testing is supported by them)

Thanks!

PS. SQL Server is driving me crazy with its no-helping-weird errors...(or is that just me? ;) )

1. If you run SQL Server on WinNT, Windows Authentication may be better. Windows Authentication is also called 'trusted connection', which means SQL trusts current Windows account context; SQL Server achieves login security integration with Windows NT 4.0 or Windows 2000 by using the security attributes of a network user to control login access.

SQL Server Authentication is provided for backward compatibility. When a user connects with a specified login name and password (both stored in SQL Server) from a nontrusted connection, SQL Server performs the authentication itself.

For more information, you can visit this website:http://msdn.microsoft.com/library/en-us/adminsql/ad_security_47u6.asp?frame=true

2. Current Windows logon account is used for Windows Authenticatoin (if the machine is in a domain, some delegation may be performed by the domain controller). Local 'Administrator' account on the machine is mapped to 'BUILTIN\Administrators' login in SQL Server; and if you want to connect to a remote SQL Server with Windows Authentication, you have to add the Windows account to the SQL Server logins (use Enterprise Manager->'Security'->'Logins').

In a VS2005 starter kit web application there is something like this in web.config that looks like using Window Authentication (in green):

<connectionStrings>
<add name="LocalSqlServer" connectionString="Data Source=.\SQLExpress;Integrated Security=True;User Instance=True;AttachDBFilename=|DataDirectory|aspnetdb.mdf" />
</connectionStrings>

BTW, SQL Books Online provides some useful helping message, and more can be found inhttp://msdn.microsoft.com ^_^

Posted by Crystal at 9:01 PM
Labels: , , , , , , , , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)