September 25, 2006 at 1:56 pm
Hello,
I have created a ASP.NET signup form, one of the field is a drop down menu where the user can select one of 10 security questions (ie. What is your pet's name? What is your mother's maiden name? etc...)
Should this list of security questions be:
1. Hard coded in the ASP.NET page in the server control?
2. Saved to a text file?
3. Saved to an SQL table?
Methods 2 and 3 will require read access to the file/table. Which method is best in terms of efficiency and ease of maintenance of the list?
September 25, 2006 at 2:08 pm
I don't see why I wouldn't be usin sql server for this. It's exactly why it was created. Unless there's some hidden information that can't be seen by anyone except the programmers then I'd go with the table option.
September 26, 2006 at 9:15 am
Definitely use the table with a stored procedure to avoid injection attacks.
Joshua Perry
http://www.greenarrow.net
September 26, 2006 at 9:57 am
You asked: "Which method is best in terms of efficiency and ease of maintenance of the list?" The key word is "best". Best for whom?
What skill set does the person, or persons, have who is going to be doing this maintenance. I had difficulty teaching a plant IT person how to change data in a SQL table but the same person could run notepad no problem.
This is a low frequency set of data in regard to changes and so may not need its own UI to do it. As far as ASP goes it's almost a wash. I suspect that file I/O if the file is on the web server may be a bit faster than SQL especially if the SQL server is not the same as your web server. You web server is a different machine thatn your SQL server, right?
ATBCharles Kincaid
September 26, 2006 at 2:55 pm
Regarding changes, what happens if a question was deleted and some accounts happen to use that deleted security question? Or do we even allow changes like that in our table/text file?
Viewing 5 posts - 1 through 4 (of 4 total)
You must be logged in to reply to this topic. Login to reply