The most secure is to set up each "user" as an NT account and force login.
This can end up as a maintenance nightmare, however. Outside of this, you
will have to create some form of security account table for each user of the
system. You can set up an admin role and user roles and have the admin for a
particular company control the user's access. That will take some of the
maintenance off your back. You will have to add these new tables (account,
role, etc.) to your database or a separate security database.
All db access should be done through stored procedures, if possible, as that
adds a security layer over ad hoc queries against tables. A "hacker" will
only have access to the data retrieved, updated, etc., by a procedure, which
you have control over. This is not possible with all types of databases.
---
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA
***************************
Think Outside the Box!
***************************
"CMan" wrote:
Hi ,
We have a internal database application which we now need to update from a
website hosted at an external site.
We want users to be able to come to the website and see their very latest
information. They should be able to update this data and submit it to a
holding area before it is checked by an operator and the live record
updated.
What is the best and most secure way to achieve this scenario?
How should the website be connected to the internal database?
Thanks
CMan