|
|
What I need is to extend the basic login/account.
There is a number of accounts/logins that have access to database.
Each user (which is a login/account) can do some things depending on other data collected in database.
Example:
There is a "customer" table in database. Each "customer" can order "product". There is relationship between customer and product - lets say it's done by "order" table.
Now when customer connect to database (using his SQL Server login) I want to have a view that shows what "product" "customer" ordered. So there must be a some kind of way to link SQL Server login with entries from "customer" table.
It's quiet simple thing, when I log to codeproject I can track my posts. I can do that without SQL Server, but I want to create secure app - based on SQL Server Login authentication.
|
|
|
|
|
Since all this will be done through an application* you let the business logic in the application (or in stored procedures) filter the data returned to the user of the application.
dobrzan wrote: but I want to create secure app - based on SQL Server Login authentication.
Current advice is not to use SQL Server Authentication unless you are connecting it to systems that are not windows based. You should be using trusted connections with Windows Authentication. What you are suggesting is less likely to secure your system because your users will have some direct access to your SQL Server (even if they don't know it). This access can be used by an attacker to compromise your system. All an attacker needs is an account to your application and you automatically give them an account to the datbase.
If you have a web application, it will probably try to connect to SQL Server using the ASPNET account if you let it use a trusted connection. Let it do that. Create your own user tables to handle the users of your application. Do not use the sysusers table in SQL Server, it is not designed for that purpose.
you are not going to give your customers direct logins to your SQL Server as that would be nuts - Imagine if Code Project added a login in its SQL Server for each of its 3million+ members - it also screws with connection pooling making it very inefficient
Scottish Developers events:
* .NET debugging, tracing and instrumentation by Duncan Edwards Jones and Code Coverage in .NET by Craig Murphy
* Developer Day Scotland: are you interested in speaking or attending?
My: Website | Blog
|
|
|
|
|
So you suggest that I should use one login or windows based auth. to give users access to database (SQL Server) and distinguish each user by my own login logic in my app or web page.
Am I right?
Is this what others do?
Anyway thanks for help.
|
|
|
|
|
|
Hi
i opened one of my sqlserver 2000 databases with sqlserver 2005 without any problem,
but i can't see my database diagrams,and i can't create new diagram there.
please help me.
thanks is in forward.
|
|
|
|
|
|
thanks for your attention and your reply
but if i create and modify tables form 2005 and create and modify diagram from 2000.does any problem occure or not problem?
thanks again.
Human knowlege belongs to the world
|
|
|
|
|
That's it, Why can't i use 2 DataReader with same connection? How can i do multiple queries from the same connection.
Thanks.
|
|
|
|
|
|
Hi, i just did it but that second connection is what i have been trying to avoid. I remember that with ADODB in VB6 i was able to do multiple command and reads from the same connection.
Thanx, it works this way anyway.
|
|
|
|
|
|
If you have a connection you can execute multiple commands on it. Also, keep in mind, that idenctical connection strings will use the connection pool.
A man said to the universe:
"Sir I exist!"
"However," replied the Universe, "The fact has not created in me A sense of obligation."
-- Stephen Crane
|
|
|
|
|
|
Understood.
I was trying to use only one connection to gain performance but now i replaced the second connection with a subquery in a command of the original connection, check this tasty and parameter rich query:
"select SUM(t1.total - COALESCE(t2sum,0)) from ventas as t1 left join (select venta, SUM(cantidad_pagada) as t2sum from pagos_ventas where fecha_pago='" + CDC.Global.SetDBdate(hoy) + "' and metodo_pago<>1 and metodo_pago<>7 group by venta) as t2 on t2.venta=t1.id where t1.nula=0 and t1.pagada=0 and t1.fecha='" + CDC.Global.SetDBdate(hoy) + "'"
Bye.
-- modified at 15:29 Tuesday 18th July, 2006
|
|
|
|
|
|
Hi, i used the wrong word but you know what i mean, thanks for the link.
|
|
|
|
|
Multiple Active Result Sets (MARS). Probable you need ADO.Net 2.0.
|
|
|
|
|
Hi everyone!
I need to display the save changes message box in my windows form if user try to close the form without saving data.so can anyone help me to do this pls/
|
|
|
|
|
|
I am not sure, but I am trying to work this out but if I do a CREATE SCRIPT SELECT on a TABLE and execute it using SQL Server Management Studio Express, will it lock access to it for transactional or for update purposes? Like a read commted? or am I going off track here as I am not completely sure about SQL stuff....
|
|
|
|
|
Have you installed service pack 1 for SQL Server 2005.
This seems to make the front end stable.
Look where you want to go not where you don't want to crash.
Bikers Bible
|
|
|
|
|
hi guys ;
I am having a problem, my Access2000 Database is corrupted it won't even open it gives me a message that it cannot find the object named 'DataBases', I can't import from it or even compact it, I tried to look for a software to repaire they are all expensive and I can't afford them, can anyone help me or tell me a way to repare it
thanks in advance
bye
-- modified at 9:58 Sunday 16th July, 2006
|
|
|
|
|
illusionFinder wrote: gives me a message that it cannot find the object named 'DataBases'
Sounds like you're up a creek without a paddle. If you are missing any of the internal tables/objects, the database is pretty much dust. Do you have a backup of the database somewheres?
|
|
|
|
|
revert to most recent backup, or prepare to empty your wallet..
or try going through MS details on how to troubleshoot it.
How to troubleshoot and repair a damaged Jet 4.0 database in Access 2000:
http://support.microsoft.com/kb/209137/[^]
|
|
|
|