
Questions on .NET in regards to SQL Security.

Howdy all. I posted this in the SQL newsgroups but got no response, so I
thought I'd try here. I'm a SQL DBA, not a .NET developer, so please forgive
me if my concepts/verbiage are slightly incorrect.

SQL2K SP4

The apps that connect to my SQL DB's (for internet use) use SQL
authentication (the app login so to speak). Anyways, a Java developer showed
me that he built into his app a way to retrieve that app login and password
from SQL Server. Obviously I wasn't very happy about this. So my questions:

1; Does anyone know if the same thing can be done using .NET code?
2; I've heard of a method using .Net Web Services (WS) for using WINNT
authentication even for internet apps. It would be that the app calls a WS,
that WS then passes in WINNT authentication to the DB and all is good. Has
anyone else out there used this type of security? Is there a link you can
provide?
3; If number 2 is implemented, does it then eliminate the possibility of
apps being able to retrieve the sensitive information?

TIA, ChrisR

Oct 10 '06 #1
Hi Chris,

Well I'm interested in seeing this Java app. I am wondering if the
problem is not so much with the abilities of Java as opposed to the
security mechanisms on the SQL Server.
You can bet that if it can be done in Java, it can be done in .NET as
well.

Web sites and services can be configured to use NT authentication.
Particularly the new WCF stuff in .NET 3.0 is easy to configure for
different authentication mechanisms.
I don't have a link handy though.

In your case, I'd be looking at how the username/password is obtained
by the Java app. Is the person running the Java app while logged in as
a user who also has access to all the tables in the Master db? (eg.
sysxlogins, etc)

Oct 10 '06 #2
The developer claims that he is able to query the configuration file from the
app.

"Steven Nagy" wrote:
Hi Chris,

Well I'm interested in seeing this Java app. I am wondering if the
problem is not so much with the abilities of Java as opposed to the
security mechanisms on the SQL Server.
You can bet that if it can be done in Java, it can be done in .NET as
well.

Web sites and services can be configured to use NT authentication.
Particularly the new WCF stuff in .NET 3.0 is easy to configure for
different authentication mechanisms.
I don't have a link handy though.

In your case, I'd be looking at how the username/password is obtained
by the Java app. Is the person running the Java app while logged in as
a user who also has access to all the tables in the Master db? (eg.
sysxlogins, etc)


Oct 11 '06 #3
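
An added example, not part of the thread or any poster's code: a small audit that reads a .NET-style configuration file and reports which connection strings carry a SQL-authentication password that the application (or anyone who can read the file) can retrieve, and which use Windows authentication instead. The `<connectionStrings>` layout, the entry names, the server name and the password are constructed assumptions for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample config; entry names, server and password are made up.
SAMPLE_CONFIG = """<configuration>
  <connectionStrings>
    <add name="WebAppSql" connectionString="Data Source=DB01;Initial Catalog=Sales;User ID=webapp;Password=Example-Only-1" />
    <add name="WebAppTrusted" connectionString="Data Source=DB01;Initial Catalog=Sales;Integrated Security=SSPI" />
  </connectionStrings>
</configuration>"""

PASSWORD_KEYS = {"password", "pwd"}
TRUSTED_KEYS = {"integrated security", "trusted_connection"}
TRUSTED_VALUES = {"true", "yes", "sspi"}


def parse_connection_string(value):
    """Split 'key=value;key=value' into a dict with lower-cased keys.

    Simplification: quoted values containing ';' are not handled.
    """
    pairs = {}
    for part in value.split(";"):
        if "=" in part:
            key, _, val = part.partition("=")
            pairs[key.strip().lower()] = val.strip()
    return pairs


def audit_config(xml_text):
    """Return a (name, finding) tuple for each <connectionStrings>/<add> entry."""
    findings = []
    root = ET.fromstring(xml_text)
    for add in root.findall("./connectionStrings/add"):
        pairs = parse_connection_string(add.get("connectionString", ""))
        trusted = any(pairs.get(k, "").lower() in TRUSTED_VALUES for k in TRUSTED_KEYS)
        has_password = any(pairs.get(k) for k in PASSWORD_KEYS)
        if has_password and not trusted:
            finding = "sql-auth-plaintext-password"   # secret readable from the file
        elif has_password:
            finding = "windows-auth-with-leftover-password"
        elif trusted:
            finding = "windows-auth"                  # no secret stored in the file
        else:
            finding = "no-credentials-found"
        findings.append((add.get("name"), finding))
    return findings


if __name__ == "__main__":
    for name, finding in audit_config(SAMPLE_CONFIG):
        print(f"{name}: {finding}")
```
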
