April 28, 2009 at 3:18 am
Hello everyone,
I'm currently developing an e-commerce website from scratch and will be using SQL Server 2005/2008 on a separate box running on Windows Server 2003. Could someone point out the best installation options, like SQL Server authentication mode (mixed or Windows or SQL), collation to use and security considerations?
ta
April 28, 2009 at 1:15 pm
You'll need to provide more information about your application to be able to provide a setup suggestion. How many users, what's the application written in, # of transactions expected, database size, etc. to determine a best setup. There is no one best setup; it always varies based on your application and data needs.
For example, with authentication as you asked, you have to define many things before you can answer that. Do you have an Active Directory environment? Will it be accessible or is it on a DMZ? Do you provide individual accounts for the application users, or is it a shared single account?
You'll find the common consensus is "it depends" because no one knows exactly what you need to do and what your setup allows.
April 29, 2009 at 3:30 am
We are in the early stage of analysis and design but I can reflect on rough figures. We are considering development in C# and .NET Framework 3.5. Our e-com website generates 700 - 1000 transactions per day. Apart from this e-com website we have a sales, purchase system that fits into the architecture. There will be 25 users for the sales/purchase system and e-com might turn out to be 1000 users/year.
I was planning to provide single login access for web users and as for sales/purchases they will all be separate logins. In essence we may need to create two roles with various permission (schema) setups.
We have hosted our server in a DMZ so I guess only SQL Authentication is possible.
Though I have summarised this information, I'm not confident how this is going to work.
Any suggestions will be helpful.
Ta
April 29, 2009 at 10:30 am
You can use Windows Authentication. Just make sure that the user name that is created for the WebService matches the same username in the DB server and the password also matches. It will authenticate. It does not have to have the same domain name. Just create a local user in your DB server with the same username and password.
Roles are a good idea. And separate users for Sales and your web site is a better way to go. Also you can think of schemas when you have multiple clients accessing the same DB.
No Raw SQL (Embedded SQL from your web code). Access to DB only through Stored procs. No Grants for Tables. Using a Middle tier is more efficient.
The list is very very large unfortunately. There are lots of things you can do to secure.
-Roy
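The arrangement Roy describes (a role, a schema, access only through stored procedures, no grants on tables), sketched in T-SQL for the single web login. This is an added example, not part of the original thread; every login, user, role, schema, table and procedure name is hypothetical and the password is a placeholder.

```sql
-- Added example; all object names are hypothetical.
-- Run in the application database as a member of db_owner.

-- Server-level SQL login for the web site (replace the placeholder password).
CREATE LOGIN WebShopLogin WITH PASSWORD = '<placeholder-strong-password>';
GO
CREATE USER WebShopUser FOR LOGIN WebShopLogin;
GO
-- Schema owned by dbo, so tables and procedures in it share one owner.
CREATE SCHEMA Shop AUTHORIZATION dbo;
GO
CREATE TABLE Shop.Orders (
    OrderId    INT IDENTITY(1,1) PRIMARY KEY,
    CustomerId INT           NOT NULL,
    Total      DECIMAL(10,2) NOT NULL,
    CreatedAt  DATETIME      NOT NULL DEFAULT (GETDATE())
);
GO
-- Parameterised procedure: the only path the web login gets to the table.
CREATE PROCEDURE Shop.usp_PlaceOrder
    @CustomerId INT,
    @Total      DECIMAL(10,2)
AS
BEGIN
    SET NOCOUNT ON;
    INSERT INTO Shop.Orders (CustomerId, Total)
    VALUES (@CustomerId, @Total);
    SELECT CAST(SCOPE_IDENTITY() AS INT) AS OrderId;
END
GO
-- Role carries EXECUTE on the schema and nothing else; no table grants.
CREATE ROLE WebShopRole;
GO
GRANT EXECUTE ON SCHEMA::Shop TO WebShopRole;
EXEC sp_addrolemember 'WebShopRole', 'WebShopUser';
GO
-- Check the effective permissions by impersonating the web user.
EXECUTE AS USER = 'WebShopUser';
EXEC Shop.usp_PlaceOrder @CustomerId = 1, @Total = 19.99; -- allowed via ownership chaining
SELECT * FROM Shop.Orders;                                -- fails: SELECT permission denied
REVERT;
```

The procedure can touch the table without a table grant only because both have the same owner (ownership chaining); dynamic SQL built inside a procedure runs outside that chain and would need direct table permissions.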
April 29, 2009 at 10:36 am
Thank you, Roy.
April 29, 2009 at 10:37 am
The solution will work, I'm not sure what you're worried about. The web login is only as secure as the web server. Ideally you'd set up a web login in the IIS properties and use that in SQL Server.
Having separate logins for each user will be fine.
Collation? What do you need? It should default to your language. If you are multilingual, you'll need to use Unicode data types.
April 29, 2009 at 12:47 pm
As it is my first time in design I wanted to get good suggestions from experts. Thank you, everyone, for the help.
Ta