This seems like a bad idea, but I'm having trouble identifying why.
With an ASP.NET application I am using Windows Integrated
Authentication. The aspnet_wp.exe runs as 'machine' per the
processModel element in machine.config. By creating a domain\machine$
user in the database, I can successfully connect to the database.
So in my case the domain is flintstone and the web server is fred. By
adding the flintstone\fred$ user to the database, any .NET process
running on the web server can connect to the database. It seems like
I'm opening the database up for malicious attacks from a rogue process
on the web server.
By moving from integrated security in the connection string to an
explicit user/pwd I appear to have more control over what processes can
access the database.
What are your thoughts about this?