
Multi-tier and Oracle

I currently have 2-tier Windows applications that connect directly to Oracle
to perform data operations. The connection method that I currently employ
is to store user names and passwords (encrypted of course) in an Oracle
table. A Windows application requests username and password information
from a user. The application then connects to Oracle using a "guest"
account that has no privileges other than the ability to query the password
table and checks the information that the user entered to authenticate.

What I need to do now is move to a 3-tier system and I am not sure how to do
the authentication to Oracle. It is obviously still possible for a Windows
application to request username and password information from a user, but
then how do I get that information passed through the middle-tier to Oracle
and back again to tell the Windows application that authentication was
successful or not. I realize that I could simply pass the username and
password to the middle-tier application and then have it authenticate with
that information, however, then the middle-tier application will know the
password for that user and I would prefer not to expose that kind of
information in the middle-tier.

I guess what I am looking for is an idea how to do the authentication in a
3-tier system with as little security risk as possible. I would appreciate
any information that anyone can provide that has done the 3-tier thing
already with success.

Thanks.
Nov 17 '05 #1
Oh yeah, and I am using C# for both the Windows applications and the
middle-tier which would seem obvious from the forum in which I am posting
but I thought I had better mention it anyway.

Nov 17 '05 #2
This best practice may help:

Building Secure ASP.NET Applications: Authentication, Authorization, and
Secure Communication
http://msdn.microsoft.com/practices/...cnetlpmsdn.asp

--

Best regards,

Carlos J. Quintero

MZ-Tools: Productivity add-ins for Visual Studio .NET, VB6, VB5 and VBA
You can code, design and document much faster.
Free resources for add-in developers:
http://www.mztools.com

Nov 17 '05 #3
