Re: Windows versus Application Security
- From: "Patrice" <scribe@xxxxxxxx>
- Date: Thu, 20 Jul 2006 18:19:48 +0200
It would be then some kind of applicative authorization.
So you would just have a login entry from that check the user likely from an
account list stored in the DB. This identity is kept global in the windows
Application and is passed to the server as needed (where it can be recorded
or matched with the account list).
As a side note I'm afraid it could suffer from the same problem (if they
already pass their credentials along to peers for Windows, why not for a
custom application as they 'll have anyway also to manage accounts inside
the application, and it seems they don't want to bother doing this for
Windows).
Good luck.
--
Patrice
"WhiskyRomeo" <WhiskyRomeo@xxxxxxxxxxxxxxxxxxxxxxxxx> a écrit dans le
message de news: 1502BE0C-06A5-4FD1-B4B2-2C2C20FE3D2D@xxxxxxxxxxxxxxxx
Actually the only purpose of this is to capture who does what in the
application. There are already various status tables the capture who does
what but is based on the windows login right which does not identify the
actual individual. For example:
When an order is placed, an entry is made into the OrderStatus table which
contains the Order_ID, Status (in this case -- Placed), date, and user
identification.
We most likely will continue to use their built in windows identity to
control access to the database. So when Willy Wonka logins into his work
station he logins as PCUser. But when he opens the application, he must
login as Willy Wonka and that identity must be passed around for the
purpose
of recording entries in these status tables.
WR
"Patrice" wrote:
Another option could be to use roaming profiles
http://support.microsoft.com/kb/243420/en-us allowing the profile to be
always available and allowing deletion server side...
Looks like more a question for an admin group...
I'm not sure for the other part what you are trying to do ? Do you have a
SQL Server 2000 application that doesn't relate to this or do you mean
you
could have to create one to workaround this profile issue ?
--
Patrice
"WhiskyRomeo" <WhiskyRomeo@xxxxxxxxxxxxxxxxxxxxxxxxx> a écrit dans le
message de news: 3CC25F36-6451-46AD-8DBF-90B598C06C7C@xxxxxxxxxxxxxxxx
I have a client that wants me to set up security for an windows .NET
application using SQL Server 2000 as the DBMS. Currently we use the
built
in
Windows security to define login and access to the database.
The problem is that there is a lot of turnover and users work at
multiple
XP
workstations. So everyone logins under a common user name and
password.
Creating, managing and removing windows domain accounts are not the
problem.
The problem is that every time a new user logs on an XP workstation,
that
user's folder structure is created on that machine. So, event though
individual windows accounts are manageable, having to go through each
workstation and clear out the users folders when they leave is not
manageable
-- not to mention the waste of disk space.
Is there a way to prevent XP from creating the individual user's folder
structure for each user?
If I must create an application login system, what is the best way to
do
this? That is how do I pass the identity of the user from one form to
another?
WR
.
- Follow-Ups:
- Re: Windows versus Application Security
- From: WhiskyRomeo
- Re: Windows versus Application Security
- References:
- Re: Windows versus Application Security
- From: Patrice
- Re: Windows versus Application Security
- From: WhiskyRomeo
- Re: Windows versus Application Security
- Prev by Date: How to increase textbox AutoComplete dropdown width
- Next by Date: Re: Windows versus Application Security
- Previous by thread: Re: Windows versus Application Security
- Next by thread: Re: Windows versus Application Security
- Index(es):
Relevant Pages
|
