Re: web service for accessing db?

Tech-Archive recommends: Fix windows errors by optimizing your registry

I use integrated authentication.
I agree with everything but what's the point in this case when clients are
inside the network anyway or using vpn?
Plus I have connection string embeded in to code.


"Miha Markic" <miha at rthand com> wrote in message
news:OgHIVUgGIHA.4712@xxxxxxxxxxxxxxxxxxxxxxx

"Andy" <kc2ine@xxxxxxxxx> wrote in message
news:eB%23tLJaGIHA.700@xxxxxxxxxxxxxxxxxxxxxxx
Hi Miha,
thanks for response, so how good actually is security with remoting?
Problem is that have to decide what to use from old win32 application for
accesing SQL Srver 2005.
All client are within the network or accesing network through VPN. I
decided to use regular ADO but some argue that exposing connection string
is not safe. But We're already in the network so what's the point would
be in using web service, I don't see benefits at all.

It doesn't matter whether it is remoting or web services.
The point is (briefly), that if you expose the connection string, a
malicious user can read its content and connect to sql server directly.
So he can do whatever connection string allows him to do, and even worse,
user might exploit some sql server bug, etc.
OTOH if user is accessing through some sort of service, user won't be
seeing sql server at all. User would be allowed to do only what service
allows him to do.
BTW what authentication do you use - sql server or integrated?
--
Miha Markic [MVP C#, INETA Country Leader for Slovenia]
RightHand .NET consulting & development www.rthand.com
Blog: http://cs.rthand.com/blogs/blog_with_righthand/


.

Relevant Pages

  • Re: SQL Server security exception
    ... but the SQL server is on the ... This is very strange because I'm using the same Connection String ... > | public SqlConnection SqlConn = new SqlConnection; ... > Do you happen to run this from a network drive? ...
    (microsoft.public.dotnet.languages.csharp)
  • Re: XMLBulkload fails in asp.net com interop but works in vb.net
    ... Is it possible that your asp.net process is running under the NETWORK ... If you webserver and sql server are on different boxes, ... >> There is something wrong with your connection string. ...
    (microsoft.public.sqlserver.xml)
  • Re: SQL Server 2000 NETWORKIO issues
    ... Most Network IO waits are caused by the client (who ever is actually talking ... to SQL Server and requesting the rows) not being able to handle the rows ... In this case it sounds like the web service gets hung ... application users to a SQL Server 2000 database with service pack 4. ...
    (microsoft.public.sqlserver.connect)
  • Re: Unable to Connect To Sql Server 2000 using .NET 2005 EXPRESS
    ... Check www.connectionstrings.com and see if your connection string is valid. ... my sql server here on my laptop on my company's network. ... The timeout period elapsed prior to completion of the ...
    (microsoft.public.dotnet.framework.adonet)
  • Re: Accessing a remote DB via wp_aspnet.exe
    ... runs under the local ASPNET account. ... account that wil also be authorized in the SQL Server. ... > you can use the SQl Server's name in the connection string. ... > If the other SQL Server is outside your network, ...
    (microsoft.public.dotnet.framework.aspnet)