G
Guest
Howdy all. I posted this in the SQL newsgroups but got no response, so I
thought I'd try here. I'm a SQL DBA, not a .NET developer, so please forgive
me if my concepts/ verbage are slightly incorrect.
SQL2K SP4
The apps that connect to my SQL DB's (for internet use) use SQL
authentication (the app login so to speak). Anyways, a Java developer showed
me that he built into his app a way to retrieve that app login and password
from SQL Server. Obviously I wasn't very happy about this. So my questions:
1; Does anyone know if the same thing can be done using .NET code?
2; I've heard of a method using .Net Web Services (WS) for using WINNT
authentication even for internet apps. It would be that the app calls a WS,
that WS the passes in WIINT authentication to the DB and all is good. Has
anyone else out there used this type of security? Is there a link you can
provide?
3; If number 2 is implemented, does it then eliminate the possibility of
apps being able to retieve the sensitive information?
TIA, ChrisR
thought I'd try here. I'm a SQL DBA, not a .NET developer, so please forgive
me if my concepts/ verbage are slightly incorrect.
SQL2K SP4
The apps that connect to my SQL DB's (for internet use) use SQL
authentication (the app login so to speak). Anyways, a Java developer showed
me that he built into his app a way to retrieve that app login and password
from SQL Server. Obviously I wasn't very happy about this. So my questions:
1; Does anyone know if the same thing can be done using .NET code?
2; I've heard of a method using .Net Web Services (WS) for using WINNT
authentication even for internet apps. It would be that the app calls a WS,
that WS the passes in WIINT authentication to the DB and all is good. Has
anyone else out there used this type of security? Is there a link you can
provide?
3; If number 2 is implemented, does it then eliminate the possibility of
apps being able to retieve the sensitive information?
TIA, ChrisR