Re: application roles

From: bill (belgie_at_datamti.com)
Date: 12/14/04

• Next message: dibblm: "Re: How do I get a list of subdirectories to a text file?"
• Previous message: Nikolay Petrov: "Re: controls quiestion"
• In reply to: Mary Chipman: "Re: application roles"
• Next in thread: Mary Chipman: "Re: application roles"
• Reply: Mary Chipman: "Re: application roles"
• Messages sorted by: [ date ] [ thread ]

---

Date: Tue, 14 Dec 2004 07:56:58 -0500

Thanks for the input.

What is the recommended approach to prevent users from accessing database
resources independently of the user interface? Users have database
permissions and can access the database using MSAccess or whatever.

I appreciate your help.

-Bill

"Mary Chipman" <mchip@online.microsoft.com> wrote in message
news:7o4sr0tctd2ep62l4h8666ha605e60kckl@4ax.com...
> You probably won't find much because application roles are not widely
> used, especially in Web applications because you have to sacrifice
> connection pooling to get them to work. See:
>
> PRB: SQL Application Role Errors with OLE DB Resource Pooling
> http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q229564
>
> This was written for ADO, but still applies to ADO.NET. Even if they
> worked, you would still not want to use them even in a .NET Winforms
> application because the application role password must be supplied by
> your client code. Reading the IL of a compiled assembly is fairly
> straightforward using the disassembler tool (ildasm.exe). Even if it's
> not embedded in your code, the password must be stored *somewhere* on
> the client, which makes it vulnerable.
>
> --Mary
>
> On Mon, 13 Dec 2004 08:42:34 -0500, "bill" <belgie@datamti.com> wrote:
>
> >I am looking for examples and assistance in configuring application roles
> >using SQL Server 2000 and VB.NET, both web forms and windows forms.
> >
> >Are there any suggestions?
> >
> >Thanks
> >Bill
> >
>

---

• Next message: dibblm: "Re: How do I get a list of subdirectories to a text file?"
• Previous message: Nikolay Petrov: "Re: controls quiestion"
• In reply to: Mary Chipman: "Re: application roles"
• Next in thread: Mary Chipman: "Re: application roles"
• Reply: Mary Chipman: "Re: application roles"
• Messages sorted by: [ date ] [ thread ]

---

Relevant Pages Re: application roles ... The best way is to take advantage of parameterized stored procedures, ... stored procedures and denying all permissions to the base tables to ... >What is the recommended approach to prevent users from accessing database ... >> your client code. ... (microsoft.public.dotnet.languages.vb) Re: application roles ... problem with connection pooling be resolved in a later version? ... because it seems like such a good way to handle database access ... > The best way is to take advantage of parameterized stored procedures, ... > stored procedures and denying all permissions to the base tables to ... (microsoft.public.dotnet.languages.vb) Re: No knowledge of the database? ... >> Your classes should be as independent of the database as possible. ... >> impact on the client code or the external interface to your module. ... has a binding layer that makes the appropriate type conversions to ... dictionary and metadata support. ... (comp.object) Re: Unbound Data Access ... Instead of attempting this in client code, ... creating a stored procedure to handle the problem? ... the sproc, which performs the computations and inserts the data into ... database or on the same server. ... (microsoft.public.dotnet.framework.adonet) Re: how does one trap for out-of-memory errors? ... >> I can't imagine how I can hide the database from the client code if I ... >> use database return resources, ... (comp.lang.php)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(10)