Re: Maximum Number of Database Users and Roles

From: Tom Kaminski [MVP] ((A_at_T))
Date: 03/12/04

• Next message: Jeff Cochran: "Re: MYSQL with ASP driver"
• Previous message: J. Baute: "Re: Question about creating a proper query"
• In reply to: Barry: "Maximum Number of Database Users and Roles"
• Messages sorted by: [ date ] [ thread ]

---

Date: Fri, 12 Mar 2004 08:19:31 -0500

"Barry" <no_one@home.net> wrote in message
news:uueLnK3BEHA.3184@TK2MSFTNGP09.phx.gbl...
> I unfortunately found out during a late night update that the maximum
number
> of security accounts for sql server is 16379
> (http://support.microsoft.com/?id=303879).
>
> I have a web site that I had/have to change the security model for which
was
> originally setup using a Windows Domain Group and users to access our sql
> server database. We were using mangled url's to pass the username and
> password to our site, which was fine, but recently, MS removed the ability
> to mangle the url. Our customers want the ability to pass their users
from
> their site to our site seemlessly without any pop-up dialog (i.e. basic
> auth). One of our clients have approximate 40,000 users that need to be
> setup for the site. We are trying not to rewrite hundreds of stored procs
> to add the username and password parms, so we are kinda in a bind.
>
> How are you accessing your database using sql secrutiy accounts with >
16379
> users? Each user has to have a unique login, and we would like to use a
> built in security model, but we cannot use the Windows domain groups.

One great example of why I don't recommend SQL security user accounts for
*every* person connecting to the database through a web application.

Why not just have one account that your ADO code uses to connect to SQL
Server with? You can still have each user logon individually to the web
server.

-- 
Tom Kaminski IIS MVP
http://www.iistoolshed.com/ - tools, scripts, and utilities for running IIS
http://mvp.support.microsoft.com/
http://www.microsoft.com/windowsserver2003/community/centers/iis/

---

• Next message: Jeff Cochran: "Re: MYSQL with ASP driver"
• Previous message: J. Baute: "Re: Question about creating a proper query"
• In reply to: Barry: "Maximum Number of Database Users and Roles"
• Messages sorted by: [ date ] [ thread ]

---

Relevant Pages Re: Integrated security - why not? ... Let me explain why we seldom use Integrated Security for Internet asp.net ... how could we setup accounts for them? ... !server to the public network with services such as SQL Server (remember SQL ... The DC at the ISP is not for our own use. ... (microsoft.public.dotnet.framework.aspnet.security) Re: Borland is neglecting Delphi for Win32 badly ... Today in SQL ... Server 2000 you can write server extensions as COM objects and call them via ... SQLCLR allows CLR ... The security benefits are also tremendous and we could discuss for a long ... (borland.public.delphi.non-technical) Re: Integrated security - why not? ... The DC at the ISP is not for our own use. ... very much wanted to go down the fully integrated security route. ... > FSMO roles on disjoined server), but I would advise against that. ... > and create local accounts and then recreate all security. ... (microsoft.public.dotnet.framework.aspnet.security) Re: Integrated security - why not? ... FSMO roles on disjoined server), but I would advise against that. ... and create local accounts and then recreate all security. ... server behind a firewall at your ISP and just publish HTTPS service. ... (microsoft.public.dotnet.framework.aspnet.security) Re: SQL Permissions ... In advanced security the site server machine account has to be a member ... of the site server to sql connection group. ... (microsoft.public.sms.setup)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Internet-Server  > microsoft.public.inetserver.asp.db  > 2004-03