June 14, 2005 at 4:57 am
I would like to add a SQL DB to my webpage and have visitors have to log in to access parts of the site. If anyone can suggest where I can find some examples of login scripts I could base my pages on, I would be grateful.
Mark
June 15, 2005 at 3:41 am
It is not recommended to use DB login for your web application.
Your DB will be easily hacked if you do so.
Unless your data is not important at all.
Leo
July 6, 2005 at 4:18 am
Do you mind explaining? I thought you could easily build an authentication system in which users would have their username/password stored in the database and your webforms would match their submitted data against them for validation. What are the security issues here?
Thank you and sorry for the lousy English.
July 6, 2005 at 7:06 pm
In my opinion, for a 2-tier-architectured application, we should separate the login from your front-tier and end-tier. So, you have different logins for your application.
Reasons are:
1. Increase security control of the application. People can't hack your database easily.
2. You don't need to create a user and grant the user permissions for some specific tables. (Unless you plan to assign everyone as dbo.)
3. Normally, we control the application by module (but not by database table). Some modules may use a few tables which other modules are using too. So, how are you going to grant the permission?
I think there are a lot more reasons why we don't practise this way. Maybe this is possible. I wish experts in this discussion group can give some input.
Thanks.
Leo
July 7, 2005 at 5:51 am
What you mean is that you shouldn't create one database user for each user in your application, right? You would create a users table in your database where you'd store user information (login/password/etc.). The application would access the database through one user that could read that table for the login validation, right?
If so, I must agree with you from the beginning and recognize I missed the whole point of this thread. Additionally, this is the model I have always used in my applications.
Footnote:
I am a student who has started playing with SQL Server for as much as one month or so. Please be patient.
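The model described in the last post (an application-level users table that the site reads through a single database account) is sketched below as an added example; it is not part of any poster's message. It uses Python with in-memory SQLite standing in for SQL Server, the `app_users` table, the function names and the PBKDF2 settings are assumptions, and it stores a salted hash rather than the password itself.

```python
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 200_000  # assumed PBKDF2 work factor; tune for your hardware


def hash_password(password, salt):
    """Derive a slow, salted hash so the table never holds the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def open_store():
    # In-memory SQLite stands in for the SQL Server database (assumption).
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE app_users ("
        " username TEXT PRIMARY KEY,"
        " salt BLOB NOT NULL,"
        " pw_hash BLOB NOT NULL)"
    )
    return conn


def create_user(conn, username, password):
    salt = os.urandom(16)  # fresh random salt per user
    # Bound parameters keep form input out of the SQL text.
    conn.execute(
        "INSERT INTO app_users (username, salt, pw_hash) VALUES (?, ?, ?)",
        (username, salt, hash_password(password, salt)),
    )
    conn.commit()


# Stand-in record used when the username is not found.
_DUMMY_SALT = os.urandom(16)
_DUMMY_HASH = hash_password("placeholder", _DUMMY_SALT)


def check_login(conn, username, password):
    row = conn.execute(
        "SELECT salt, pw_hash FROM app_users WHERE username = ?", (username,)
    ).fetchone()
    # Unknown users still cost one hash, so timing does not reveal valid names.
    salt, stored = row if row else (_DUMMY_SALT, _DUMMY_HASH)
    candidate = hash_password(password, salt)
    # Constant-time comparison; a missing row can never authenticate.
    return hmac.compare_digest(candidate, stored) and row is not None
```

On SQL Server the single account the site connects with would need rights only on this table and the application's own objects, not dbo.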