|
Home > Archive > MS SQL Server > March 2006 > trusted vs sql user connections
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
trusted vs sql user connections
|
|
| John A Grandy 2006-03-24, 8:23 pm |
| For a highly scalable web app, what are the pros/cons or better-fit
scenarios for :
option 1 : config the sql svrs with "Windows" security mode and have the
ASP.NET webapp , any Windows Services, any app servers, etc. always use
trusted connections
option 2 : config the sql svrs with "Mixed Mode" security , and always use
SQL User type connections
One advantage to trusted connections would seem to be that you stored
connection strings you never expose security info ....
| |
|
| with trusted you depend on windows to validate the credentials. this is much
more secured than sql authentication. however, if your controller is down
and no local cache is available, the nt acct might not be authenticated.
thus, no access is going to be given to sqlserver. also, windows
authentication requires that the client and server are both running windows.
sql authentication is great if your client is not running windows. also, the
login/credential is local to sqlserver itself, thus a domain authenticator
is not needed.
i suggest you take a quick look at this article. it explains pretty well
about these two authentication models.
http://msdn.microsoft.com/library/e...curity_47u6.asp
--
-oj
"John A Grandy" <johnagrandy-at-yahoo-dot-com> wrote in message
news:u0f1VD7TGHA.1236@TK2MSFTNGP11.phx.gbl...
> For a highly scalable web app, what are the pros/cons or better-fit
> scenarios for :
>
> option 1 : config the sql svrs with "Windows" security mode and have the
> ASP.NET webapp , any Windows Services, any app servers, etc. always use
> trusted connections
>
> option 2 : config the sql svrs with "Mixed Mode" security , and always use
> SQL User type connections
>
> One advantage to trusted connections would seem to be that you stored
> connection strings you never expose security info ....
>
>
| |
| Ben Nevarez 2006-03-26, 8:23 pm |
|
Windows authentication has all the advantages and it is the recommended
mode. If you have both choices, use Windows authentication.
Using Windows authentication allows us to use many Windows security features
like password expiration, complexity, account lockout, security policies,
etc.
SQL Server 2000 does not have these features for SQL Server authentication.
SQL Server 2005 has most of these features but are only available while using
Windows Server 2003.
Ben Nevarez, MCDBA, OCP
Database Administrator
"John A Grandy" wrote:
> For a highly scalable web app, what are the pros/cons or better-fit
> scenarios for :
>
> option 1 : config the sql svrs with "Windows" security mode and have the
> ASP.NET webapp , any Windows Services, any app servers, etc. always use
> trusted connections
>
> option 2 : config the sql svrs with "Mixed Mode" security , and always use
> SQL User type connections
>
> One advantage to trusted connections would seem to be that you stored
> connection strings you never expose security info ....
>
>
>
|
|
|
|
|