Re: connection options to yukon

What is "OSFA"?

--

- Sahil Malik [MVP]
Upcoming ADO.NET 2.0 book - http://tinyurl.com/9bync
----------------------------------------------------------------------------
---------------

"William (Bill) Vaughn" <billvaNoSpam@xxxxxxxxx> wrote in message
news:uXrm28taFHA.2768@xxxxxxxxxxxxxxxxxxxxxxx
> Both SQL authentication and Windows authentication have security issues
and
> tradeoffs. If you use TLS you can increase the security of your SQL auth
> connection but unless you're good at setting up
groups/schema/logins/users,
> they can be tough(er) to manage. Windows auth is slower as the domain must
> revalidate the credentials on each open. Windows auth can lead to trojan
> operations as the application using SSPI security runs under the
credentials
> of the user executing the program--credentials that might be very
different
> (and with different/more/less) rights than used when the application was
> first written.
>
> The point? There is no "universal" OSFA solution.
>
> --
> ____________________________________
> William (Bill) Vaughn
> Author, Mentor, Consultant
> Microsoft MVP
> www.betav.com/blog/billva
> www.betav.com
> www.sqlreportingservices.net
> Please reply only to the newsgroup so that others can benefit.
> This posting is provided "AS IS" with no warranties, and confers no
rights.
> __________________________________
>
>
> "Sahil Malik [MVP]" <contactmethrumyblog@xxxxxxxxxx> wrote in message
> news:e1lakyraFHA.2736@xxxxxxxxxxxxxxxxxxxxxxx
> > Connection pooling does not depend on what method you choose to
connect -
> > Windows auth or Sql auth.
> > Connection pooling depends on the fact that repeated SqlConnection
objects
> > use the exact same connection string.
> >
> > My recommendation would be to use Windows authentication over sql Auth
> > because it is more secure. It is more secure because there is no
password
> > to
> > manage :) (or it is managed by the OS).
> >
> > Please let me know if you have any additional questions.
> >
> > - Sahil Malik [MVP]
> > http://codebetter.com/blogs/sahil.malik/
> > My upcoming ADO.NET 2.0 book - http://tinyurl.com/9bync
> >
> >
> >
> >
> > <param@xxxxxxxxxxxxxxxx> wrote in message
> > news:urNVrlkaFHA.2664@xxxxxxxxxxxxxxxxxxxxxxx
> >> Hi all, i am a newbie to SQL2005. I have had experience developing apps
> >> on
> >> .net 1.1 and sql 2000. I am currently working on developing a new
> >> solution
> >> and looking into feasibility of using sql 2005 as the database and .net
> > 1.1
> >> as the front end with the enterprise library jan 2005 block to connect
to
> >> the database. I may also decide to use asp.net 2.0 depending on the new
> >> features available which I am still exploring. The question I had is
what
> > is
> >> the best way for an asp.net application (1.1 or 2.0) to connect to a
sql
> >> 2005 database and make best use of connection pooling.
> >>
> >> 1. SQL Server Authentication
> >>
> >> PROS
> >>
> >> 1. No need for windows accounts or cals
> >> 2. Performance
> >>
> >> CONS
> >>
> >> 1. Asp.net app needs to store username & password somewhere.
> >>
> >>
> >> 2. Domain Level Windows Account
> >>
> >> PROS
> >>
> >> 1. No need for application to store password
> >> 2. Easy Management in a Server Farm & DB Connectivity
> >>
> >> CONS
> >>
> >> 1. Performance
> >>
> >> 3. Local Level Windows Account
> >>
> >> PROS
> >>
> >> 1. No need for application to store password
> >> 2. Performance
> >>
> >> CONS
> >>
> >> 1. Complicated management in a server farm and need to create account
on
> >> each machine with same name etc.
> >>
> >> 4. SQL 2005 Application Roles?
> >>
> >>
> >> Can anyone make some best practice recommendations?
> >>
> >> Much appreciated!
> >>
> >>
> >>
> >
> >
>
>


.

Relevant Pages

  • Re: connection options to yukon
    ... Connection pooling depends on the fact that repeated SqlConnection objects ... My recommendation would be to use Windows authentication over sql Auth ...
    (microsoft.public.dotnet.framework.adonet)
  • RE: Connection Issue : SQL Server 2005 install on XPpro when connecting from a XPpro machine
    ... I think you are trying to mix the use of windows authentication and SQL authentication. ... With Windows authentication you don't specify a username it uses the user you are logged in as. ... For this to work you need to in a domain where the user on your machine is a domain user and then assign that user access on the server. ...
    (microsoft.public.sqlserver.connect)
  • [TOOL] Resources for Combating the Slammer Worm
    ... installations of Microsoft® SQL Server™ and the Microsoft SQL Server ... SQL Server 2000 SQL Scan Tool ... runs on computers running Windows 2000 or higher and can identify ... Check runs on computers running Windows 98, Windows ME, Windows NT 4.0, ...
    (Securiteam)
  • Re: connection options to yukon
    ... If you use TLS you can increase the security of your SQL auth ... connection but unless you're good at setting up groups/schema/logins/users, ... Windows auth is slower as the domain must ...
    (microsoft.public.dotnet.framework.adonet)
  • Re: please Help-changed from mixed windows authentication tho windows only locked out
    ... If you are trying to connect using Enterprise Manager, then delete the SQL ... Server registration first, and reregister with Windows authentication. ...
    (microsoft.public.sqlserver.security)