473,396 Members | 1,938 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > asp.net > questions > connecting to db with the 'machine' account

Join Bytes to post your question to a community of 473,396 software developers and data experts.

Connecting to DB with the 'machine' account

This seems like a bad idea, but I'm having trouble identifying why.
With an ASP.NET application I am using Windows Integrated
Authentication. The aspnet_wp.exe runs as 'machine' per the
processModel element in machine.config. By creating a domain\machine$
user in the database, I can successfully connect to the database.

So in my case the domain is flintstone and the web server is fred. By
adding the flintstone\fred$ user to the database, any .NET process
running on the web server can connect to the database. It seems like
I'm opening the database up for malicous attacks from a rogue process
on the web server.

By moving from integrated security in the connection string to an
explicit user/pwd I appear to have more control over what processes can
access the database.

What are your thoughts about this?

Nov 19 '05 #1
2 1721
True.

Eliyahu

<jo***@wainz.net> wrote in message
news:11**********************@o13g2000cwo.googlegr oups.com...
This seems like a bad idea, but I'm having trouble identifying why.
With an ASP.NET application I am using Windows Integrated
Authentication. The aspnet_wp.exe runs as 'machine' per the
processModel element in machine.config. By creating a domain\machine$
user in the database, I can successfully connect to the database.

So in my case the domain is flintstone and the web server is fred. By
adding the flintstone\fred$ user to the database, any .NET process
running on the web server can connect to the database. It seems like
I'm opening the database up for malicous attacks from a rogue process
on the web server.

By moving from integrated security in the connection string to an
explicit user/pwd I appear to have more control over what processes can
access the database.

What are your thoughts about this?

Nov 19 '05 #2
By specifying explicity user/pwd you are enabling someone to discover a
username and password which can be used from any other server to connect to
the SQL Server. Moreover making the passwords of a user known to anyone who
opens up a file ( I am assuming this is in the web.config) is not a very good
idea, intuitively.

On the machine account side, you are sure of one thing that the machine is a
member of the active directory, which itself is a certain level of security.
Also generally machine accounts are given access to a database when both the
web server as well as the DB server are in the your (or support team's)
control and nobody else has physical access to those boxes.

My 2 cents!!

"jo***@wainz.net" wrote:
This seems like a bad idea, but I'm having trouble identifying why.
With an ASP.NET application I am using Windows Integrated
Authentication. The aspnet_wp.exe runs as 'machine' per the
processModel element in machine.config. By creating a domain\machine$
user in the database, I can successfully connect to the database.

So in my case the domain is flintstone and the web server is fred. By
adding the flintstone\fred$ user to the database, any .NET process
running on the web server can connect to the database. It seems like
I'm opening the database up for malicous attacks from a rogue process
on the web server.

By moving from integrated security in the connection string to an
explicit user/pwd I appear to have more control over what processes can
access the database.

What are your thoughts about this?

Nov 19 '05 #3
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

4
Connecting to SQL Server using Windows Authentication
by: Jeremy | last post by:
In my ASP.NET web applications I would like to use "integrated security=SSPI" instead of supplying a SQL Server account credentials. From what I understand there are security policy settings...
.NET Framework
11
Connecting to SQLServer 2000 from ASP.NET
by: Patrick | last post by:
I have an ASP.NET application that connects to a SQL Server database. The SQL Server resides on a seperate development server from the IIS5.1 on Windows XP SP2 on development PCs which host the...
ASP.NET
3
Connecting Database in thread
by: Makarand Keer | last post by:
Hi all Gurus I have asp.net application where I am creating background process using Threading. My threading involves invoking method which in turn gets some data from SQL server using Windows...
ASP.NET
14
Logon Failed connecting to SQL Server
by: David Tilman | last post by:
I've gone throught the MSDN walkthrough "Creating a Web Application Using Visual C# or Visual Basic". When I run the sample I get "Login failed for user 'dbuser'" at the line with...
ASP.NET
12
Separate Webserver and SQL Server -- error when connecting asp.netapp to a database
by: Ann Marinas | last post by:
Hi all, I would like to ask for some help regarding separating the asp.net webserver and the sql server. I have created an asp.net application for a certain company. Initially, we installed...
ASP.NET
4
Connecting to a network share
by: Matt Dockerty | last post by:
Hi, I'm trying to connect to a network share using a username / password / domain of my choosing. I've tried the WindowsIdentity.Impersonate route but can only impersonate the users on the...
ASP.NET
3
Error connecting to SQL Server through a Web Service???
by: GTDriver | last post by:
I'm trying to connect my application with a web service located on my own web server(localhost). I guess when the solution/proect is built it makes a file called 'Web...
.NET Framework
2
Problem connecting to my database
by: Patrick F | last post by:
Hi, i have SQL Server 2005 and a database set that is called, myCompany the problem is that i cant connect from my page to it, here is from the web.config: ( i have got this connectionstring from...
ASP.NET
1
How do I connect to my database when I'm using IIS (connecting via http://localhost/...)
by: mark4asp | last post by:
How do I connect to my application via http://localhost/..., using IIS. I've developed an application via the File System (using the VS Web server). When I deploy it I change the...
ASP.NET
0
How to turn on java script in a villaon keypad mobile phone
by: Charles Arthur | last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
Java
0
Migrating Website to Cloud - Emmanuel Katto
by: emmanuelkatto | last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel
General
1
Is that possible of reading the .csv file in column wise and the column have different lengths ?
by: Sonnysonu | last post by:
This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...
C / C++
0
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
General
0
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
Windows Server
0
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
C / C++
0
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
Online Marketing
0
tracyyun
Discussion: How does Zigbee compare with other wireless protocols in smart home applications?
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
General
0
agi2029
AI Job Threat for Devs
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
Career Advice

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!