Re: Security - Active Directory Good Practices
- From: "Ralph" <nt_consulting64@xxxxxxxxx>
- Date: Thu, 22 Feb 2007 09:56:26 -0600
"Sandy" <Sandy@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:C898E039-2340-4597-BFF5-875E234CFE81@xxxxxxxxxxxxxxxx
Thanks for your reply, Ralph. Wouldn't putting Active Directory codea
directly in the app make the network itself vulnerable?
I may be out in left field here, but it just seems to me it somehow isn't
"best practice." I would be more inclined to periodically dump the Active
Directory info into a Sql Server table and use stored procedures to access
that table for rights.
Also, in your experience, have you ever seen Active Directory code put
directly into code in a VB application?
--
Sandy
<snipped>
Yes, unfortunately I have. <g>
But the issue here isn't an absolute.
Besides the obvious - "There are three ways to do a job - the right way, the
wrong way, and the boss' way!" You need to ask yourself - Who are the
potential attackers? What is it I'm actually securing?
Is such a App less 'secure'? Yes.
Is the 'security risk' worth it? Maybe?
Is the App as 'secure' as it needs to be? This what defines whatever "best
practice" should be.
For example, I have seen incredibly complex security schemes employed to
protect viewing a particular datasource. Only to discover that the data was
an inhouse telephone directory, published once a month, and could be found
scattered about in the main lobby. <g>
An excellent book - a short read with a wealth of information and
appreciation of what "best practice" actually means is - "Secure Coding:
Principle & Practices", Graff & van Wyk, O'Reilly.
-ralph
.
- References:
- Re: Security - Active Directory Good Practices
- From: Ralph
- Re: Security - Active Directory Good Practices
- Prev by Date: Re: AT Command in VB6
- Next by Date: Re: AT Command in VB6
- Previous by thread: Re: Security - Active Directory Good Practices
- Next by thread: Re: Security - Active Directory Good Practices
- Index(es):
Relevant Pages
|
