May 21, 2009 at 7:26 am
Hi,
We have windows application with multiple modules and every unit in organization has different module. Right now my system working on SQL 2000 datbase and organization is moving from 2000 to 2008 database.
Now, Company has decided to move from Sql Authentication to Windows Authentication. So my connection string will change and i need to change it in all the modules, all related autoprocess and deploy new exe in all the pc around 500.
Can anyone suggest me that is the good idea to go with Mix mode authentication so i do not need to change connection string?
Thanks
May 21, 2009 at 7:42 am
If all of your application end users are within the company and on the active directory, it is much better to go with windows authentication. Don't fight it.....
http://msdn.microsoft.com/en-us/library/ms144284.aspx"> http://msdn.microsoft.com/en-us/library/ms144284.aspx
Disadvantages of SQL Server Authentication
If a user is a Windows domain user who has a login and password for Windows, he must still provide another (SQL Server) login and password to connect. Keeping track of multiple names and passwords is difficult for many users. Having to provide SQL Server credentials every time that one connects to the database can be annoying.
SQL Server Authentication cannot use Kerberos security protocol.
Windows offers additional password policies that are not available for SQL Server logins.
Advantages of SQL Server Authentication
Allows SQL Server to support older applications and applications provided by third parties that require SQL Server Authentication.
Allows SQL Server to support environments with mixed operating systems, where all users are not authenticated by a Windows domain.
Allows users to connect from unknown or untrusted domains. For instance, an application where established customers connect with assigned SQL Server logins to receive the status of their orders.
Allows SQL Server to support Web-based applications where users create their own identities.
Allows software developers to distribute their applications by using a complex permission hierarchy based on known, preset SQL Server logins.
May 26, 2009 at 12:22 pm
As par adv and disadv, you are right to go with windows authentication, but for cost and time wise, i think it is good to go with SQL Authenticatin or Mix Authentication.
Can you please explain me more why you have selected to go with Windows authenticaiton and not to mix mode.
May 26, 2009 at 12:38 pm
hetkeval2005 (5/26/2009)
As par adv and disadv, you are right to go with windows authentication, but for cost and time wise, i think it is good to go with SQL Authenticatin or Mix Authentication.Can you please explain me more why you have selected to go with Windows authenticaiton and not to mix mode.
Any discussion of cost and time for a security related change needs to include a risk factor for a data breach. What is the cost/time of a potential security breach of mixed mode authentication for your organization? Take whatever factor that is and compare it to the time you will spend making this change vs not. I feel that someone at your organization has made this calculation and determined that the time it takes you to make this change pales in comparison to the potential cost of a data breach. You have to consider the larger implications for your organization beyond your busy schedule...
September 4, 2009 at 3:46 am
windows is the securest option if you can do it, mixed is a compromise and will in the longterm generate more work for yourself.
--------------------------------------------------------------------------------------
[highlight]Recommended Articles on How to help us help you and[/highlight]
[highlight]solve commonly asked questions[/highlight]
Forum Etiquette: How to post data/code on a forum to get the best help by Jeff Moden[/url]
Managing Transaction Logs by Gail Shaw[/url]
How to post Performance problems by Gail Shaw[/url]
Help, my database is corrupt. Now what? by Gail Shaw[/url]
Viewing 5 posts - 1 through 4 (of 4 total)
You must be logged in to reply to this topic. Login to reply