November 5, 2010 at 8:02 am
Hi Everyone,
Could you please tell me what is considered best practice when using Application Roles? Do vendors tend to hardcode/embed the Application Role password in the Application code?
Many thanks for any help you can offer
David
November 5, 2010 at 3:04 pm
I wouldn't. I'd pull it from a file/config area/registry, probably encrypted. That way you can change it if need be.
Follow me on Twitter: http://www.twitter.com/way0utwest
Forum Etiquette: How to post data/code on a forum to get the best help
My Blog: www.voiceofthedba.com
November 8, 2010 at 2:46 am
Hi Steve,
Many thanks for your response
At present our application uses SQL Authentication with the username/password information stored in an encrypted file on users PCs. However one of our clients has raised a concern about this, therefore I thought one solution would be to use an application role.
We canโt use Windows Authentication as it would allow users to bypass the application and access the data directly.
November 8, 2010 at 3:10 am
this is why stored procedures are good... You GRANT access to execute the procedure, but no permissions are given to the base tables ๐
Viewing 4 posts - 1 through 3 (of 3 total)
You must be logged in to reply to this topic. Login to reply