Database Access Security Issue
From: John********** (anonymous_at_discussions.microsoft.com)
Date: 03/25/04
- Next message: Alvin Bruney [MVP]: "Re: Session is empty!"
- Previous message: Chris Taylor: "Re: Stumped - Strongly Typed Arrays question (with simplified code example)"
- Next in thread: Ravichandran J.V.: "Re: Database Access Security Issue"
- Reply: Ravichandran J.V.: "Re: Database Access Security Issue"
- Messages sorted by: [ date ] [ thread ]
Date: Wed, 24 Mar 2004 16:01:08 -0800
Hello:
I have a simple situation where my web service wants to connect to a database, but I need to set the security settings so it can.
I have tried giving IWAM and IUSR Read/Write access to the database folder, which works fine on Win2000 but not on Win2003. I really would rather not have to do this in the first place since it seems like a security hole.
I have tried using impersonation in the web.config file :
<identity impersonate=true userName="ComputerName\Administrator" password="whatever"/>
This works fine, but I don't think my customers are going to go for it, since it seems like another security hole.
Is there a CORRECT/SECURE way to do this? All I want to do is query a database.
Thanks,
John
- Next message: Alvin Bruney [MVP]: "Re: Session is empty!"
- Previous message: Chris Taylor: "Re: Stumped - Strongly Typed Arrays question (with simplified code example)"
- Next in thread: Ravichandran J.V.: "Re: Database Access Security Issue"
- Reply: Ravichandran J.V.: "Re: Database Access Security Issue"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
