That's a definite maybe...

Post #229,949 by ben_tilly 10/18/05 1:31:01 PM Reply	That's a definite maybe... Depends on the application, but I immediately see the following problems which may or may not be problems for you depending on what you're doing. The strategy described indicates that you have to create new database connections for every request, which won't scale very well. I'd have concerns about vendor lock-in. Particularly if your implementation is IIS-dependent and your network has problems with viruses and the like. How reliable is Active Directory? I've heard bad things over the years and happen to know of a couple of major disasters associated with it. But that's anecdotal, and I don't know what your needs are. Usually there are tables (eg ones with user information) where users need to be granted/denied access per row. So you'll likely need to build the usual kind of permission scheme ANYWAYS. Having multiple permission scheme's is a good way to lead to confusion, and confusion is a Bad Thing when it comes to security. Against all of this I can name at least one big positive - which is that the damage from compromises in your web application are more likely to be automatically contained. For instance if most users don't have permissions on whatever table has credit cards, then an attacker will have a lot more trouble getting that table to dump. A second positive is that you may have to do less work to set up a new user - just let the sysadmins handle it in Active Directory. For a low-volume intranet application at a site that has accepted vendor lock-in, depends on Active Directory anyways and has good Windows administrators, your strategy sounds reasonable to me. But if any of those assumptions are loosened (or you wish them to be loosenable in the future), then I'd not be as happy with it. Cheers, Ben I have come to believe that idealism without discipline is a quick road to disaster, while discipline without idealism is pointless. -- Aaron Ward (my brother)
Post #229,960 by drewk 10/18/05 2:25:45 PM Reply	You missed a line Users are also granted specific permissions on SQL Server ... First the sysadmin creates the user account and assigns groups. Then the DBA (actually a programmer who happens to be an MCDBA) assigns permissions to the tables. Or at least some of the tables ... the ones he knows about. Usually there are tables (eg ones with user information) where users need to be granted/denied access per row. So you'll likely need to build the usual kind of permission scheme ANYWAYS. Having multiple permission scheme's is a good way to lead to confusion, and confusion is a Bad Thing when it comes to security. Yes. Yes. And yes. I also suspect -- but don't know enough about admin-ing Windows to be sure -- that this is actually a Very Bad Idea for SQL Server. I would think you'd want as few users with permissions on the DB as possible. And the one user with permission should be a user that no real user can be. === Purveyor of Doc Hope's [link\|http://DocHope.com\|fresh-baked dog biscuits and pet treats]. [link\|http://DocHope.com\|http://DocHope.com]
Post #229,963 by CRConrad 10/18/05 2:32:51 PM Reply	Admin, we need another WeeCode... Bent Silly: Having multiple permission scheme's is a good way... Something like "`[AngryFlower]`", that points to that `BobSomething.GIF`, wherever it is. [link\|mailto:MyUserId@MyISP.CountryCode\|Christian R. Conrad] (I live in Finland, and my e-mail in-box is at the Saunalahti company.) Your lies are of Microsoftian Scale and boring to boot. Your 'depression' may be the closest you ever come to recognizing truth: you have no 'inferiority complex', you are inferior - and something inside you recognizes this. - [link\|http://z.iwethey.org/forums/render/content/show?contentid=71575\|Ashton Brown]
Post #230,168 by Meerkat 10/20/05 8:26:42 AM Reply	Why not just have another checkbox on the New Comment page entitled "Silence the language pedants! (fix apostrophes)" and be done with it :) Two out of three people wonder where the other one is.

Welcome to IWETHEY!