Re: static class confirmation

From: "Andy" <ajj3085@xxxxxxxxxxxx>
Date: 15 Mar 2006 07:08:03 -0800

Ignacio Machin ( .NET/ C# MVP ) wrote:

Why each user needs a different connectionstring?
Even if they have different privileges you can use the very same
connectionstring, it's a business rule who access what, and should therefore
be enforced in your dll.

Good security calls for security all the way up the chain, even at the
database layer.

Imagine someone got ahold of that connection string; they could now
have free reign to exectute any sql they wanted. Secuirty, to be
effective, must be present in every layer.

Andy

.

Follow-Ups:
- Re: static class confirmation
  - From: Ignacio Machin \( .NET/ C# MVP \)

References:
- Re: static class confirmation
  - From: scott blood
- Re: static class confirmation
  - From: Steven Blair
- Re: static class confirmation
  - From: Ignacio Machin \( .NET/ C# MVP \)

Prev by Date: Re: ListView with Icons
Next by Date: Re: Events - thread safe?
Previous by thread: Re: static class confirmation
Next by thread: Re: static class confirmation
Index(es):
- Date
- Thread

Relevant Pages

Re: Manuel for ODBC
... >> If security is an issue, ... > be a reason to use a DSN. ... > Instead of setting up the connectionstring, ...
(microsoft.public.fox.programmer.exchange)
Re: best way for storing connectionstring
... if you don't need all that security I recommend you storing it in ... > my application use a connectionstring to a database. ...
(microsoft.public.dotnet.languages.vb)
Open Tab delimited file with ADO
... did anyone manage to opne a tab delimited file with ado? ... I managed to open it now, with this connectionstring: ... Security Info=False ...
(borland.public.delphi.database.ado)
Re: Zugriff auf SQL-Datenbank übers Netzwerk
... Ich habe jetzt eine Datenbank auf dem SQL-Server ... Vergiss mal diesen Connectionstring und schau ... Persist Security Info=False ... Programm mit welchen konkreten Namen ...
(microsoft.public.de.german.entwickler.dotnet.datenbank)