|
Hi All,
I would like to know;How Connection pooling will impact on security?
Thanks in Advance.
anju
|
|
|
|
|
anju wrote:
How Connection pooling will impact on security?
To my knowledge it doesn't.
Connection pooling is just a way that a .NET application re-uses the same connection to the database in different parts of an application. The connection must be the same as an existing connection in the pool, if not then a new connection is created.
My: Blog | Photos
WDevs.com - Open Source Code Hosting, Blogs, FTP, Mail and More
|
|
|
|
|
Thank you for your quick reply.
What I am looking is ....
To implement connection pooling the connection strings must be identical.(am I right?).If this is the case,for different UserIds and Passwords the connection string is always different,then how connection pooling will be helpful?.
anju
|
|
|
|
|
anju wrote:
To implement connection pooling the connection strings must be identical.(am I right?).
Yes. That is correct.
anju wrote:
If this is the case,for different UserIds and Passwords the connection string is always different,then how connection pooling will be helpful?.
Because you create a connection, use the connection and then close the connection. Next time you access the database you repeat the create, use, close routine again. The second time round the connection will be in the pool and you get it quickly.
My: Blog | Photos
WDevs.com - Open Source Code Hosting, Blogs, FTP, Mail and More
|
|
|
|
|
If we want performance and scalability,Do we need to compramise about security?
anju
|
|
|
|
|
|
Then, Could you pleae explain me the way to Manage Security with Connection Pooling.
anju
|
|
|
|
|
As I have said already: Connection pooling is just a way that a .NET application re-uses the same connection to the database in different parts of an application. The connection must be the same as an existing connection in the pool, if not then a new connection is created.
It is NOT a way to manage security. It is a way to repeatedly use the same connection to the database.
My: Blog | Photos
WDevs.com - Open Source Code Hosting, Blogs, FTP, Mail and More
|
|
|
|
|
Thank you for your explanation.
anju
|
|
|
|
|
anju wrote:
for different UserIds and Passwords the connection string is always different
Yes it is, but, then you don't use different user IDs/passwords in your application. If your application needs logins, you create a table in your database with the user name and passwords *for your application*.
Then you create one single SQL Server user that only has access to run stored procedures on your application's database. This is the user ID you use everywhere in your application to access your database (of course, you must have stored procedures to access all tables.)
When a user logs in your application, you find out in your database using the stored procedures what permissions that user has, and selectively enable/disable parts of your application.
But you only should have one database user ID/password, and use that in your connection string (never sa ). This way, all the connection strings will be the same, and connection pooling will work fine.
-- LuisR
Luis Alonso Ramos
Intelectix - Chihuahua, Mexico
Not much here: My CP Blog!
|
|
|
|
|
|
I'd agree with that in general, but there are times that it's not practical, for example if you have a service that's running as SYSTEM with the database on another machine. Yes, I know that it's bad practice to have a service running as SYSTEM unless absolutely necessary - unfortunately this is a legacy service with UI and therefore has to run as an interactive service, hence it has to run as SYSTEM.
It's useful to note that you don't need a domain to set this up, but if you don't have one, you'll need to create user accounts for the appropriate users on the server hosting SQL Server, and add them to SQL Server's logins. You then need to synchronize the passwords for those user accounts between the machine that the client runs on and the server hosting SQL.
One thing you can do with Windows Authentication that you can't with SQL Server Authentication is to set up groups of users with particular permissions.
Stability. What an interesting concept. -- Chris Maunder
|
|
|
|
|
|
Colin Angus Mackay wrote:
Actually, I'd use windows authentication
Well, yes. But if he were using Windows Authentication, then he wouldn't be having problems with different connection strings: it would always be the same. But still, Mike's reply shows some situations where it isn't practical. In my current application, there's Windows Server with a MSDE and several other machines accessing it. The network is not configured with a domain, so its easier to just use sa with a blank password.
Just kidding, I have a SQL server user with limited permissions and I use SQL login info and store the connection string encrypted.
-- LuisR
Luis Alonso Ramos
Intelectix - Chihuahua, Mexico
Not much here: My CP Blog!
|
|
|
|
|
I want to zip files using a freely available Zip component which is available for download from the below address
http://www.xstandard.com/page.asp?p=C9891D8A-5390-44ED-BC60-2267ED6763A7&ss=D6DD5252-781D-47AE-900A-29F56BB7DFFE
The Following is the way i'm trying to zip the file but i m not able to Zip the file and save it
Please help me.
DECLARE @Result int, @Zipper int, @FileID int ,@source varchar(255), @description varchar(255)
execute sp_OACreate 'XStandard.Zip', @Zipper OUT
execute @Result = sp_OAMethod @Zipper, 'Pack', @FileID,'c:\\helloSQL.txt','c:\\wilbur.zip',true,9
Regards
Wilbur J. Pereira
"If they love me let them, for the heck of it.If they don't, who da heck cares about it"
|
|
|
|
|
|
I am creating a ASP.NET web application that allows users to execute DTS packages stored on the server. IIS has integrated windows authentication enabled. When the user executes the DTS package, I need the package to use the user's windows account to connect to the database. I have enabled integrated security, and according to the log file created when the DTS package is executed, my windows username is captured as the user who executes the package, but the database connections are made with the ASPNET account. How would I get the DTS package to use windows authentication?
Thanks.
|
|
|
|
|
I have read your Article Edit Almost Anything in a datagrid -Declan Brennan.
which is very interesting and a challenging work. My good wishes for your work.
I like to have in depth knowledge on it. Can you please help me?
I like do it in my project Address book for an Hospital in my hometown.
Traversing by Department Name and viewing patient Address in an datagrid.
Loading all patient Pictures and differentiating their disease using color box.
How to place the picure and colorbox ?
Profile
Name :Uma V
Qualification : M.c.a
Currently doing a DOT Net course and implementing a project in c#
Please give me your hand in making my project a success.
Regards
|
|
|
|
|
Hi,
In the database I have a table named
Equipment_Master(EqptNo, Eqptname, EqptDesc,ParentEqpt). In this table the parenteqpt is the any EqptNo from the same table. I want to show this data in the Treeview control(as a Parent Child relation) in Asp.Net. How can I do this.
Regards
Kalayn
|
|
|
|
|
Hi to Everybody!
I’ve got such problem. I have DataTable and I need to save it in dbf file. I need create .dbf file and then save DtataTable’s contents there.
|
|
|
|
|
|
Thank you, Marek, everything is OK now
|
|
|
|
|
Hi all
I just want to know whether new tables can be created in a SQL Server database at runtime.
I tried the following in Transact-SQL:
CREATE PROCEDURE sp_CreateTable
@TableName VARCHAR(20)
AS
CREATE TABLE @Tablename
(
TableIndex INT NOT NULL
)
It seems it is not happy with using a variable as table name
Any ideas?
Thanks.
Kobus
|
|
|
|
|
kbalias wrote:
I just want to know whether new tables can be created in a SQL Server database at runtime.
Yes.
kbalias wrote:
It seems it is not happy with using a variable as table name
You cannot create a table in this way. The table name cannot be substituted with a variable name.
kbalias wrote:
Any ideas?
Build some dynamic SQL and use EXEC(@SqlStatementString)
However, you must be careful with this as the @TableName variable would have to injected into the SQL statement and that could be a source of a SQL Injection attack.
My: Blog | Photos
WDevs.com - Open Source Code Hosting, Blogs, FTP, Mail and More
|
|
|
|
|
how to search for a specific record in a database using a Button on vb.net?
|
|
|
|