Replacing SQL Integrated security by Custom security
ClassifiedsSK required the most basic security (probably just two roles -guest and admin- for most of us) therefore I would like to eliminate the SQL Integrated security (which adds more SQL objects than the logic of the app itself) for a very basic custom security (login and password in the member table, plus a simple role table -or even a "IsAdmin" indicator within the member table- would do the trick).
Now my question: Has anybody done this already? If so, would that person be willing to share the code?
Thanks in advance.
GP
|
0 |
|
gporta
6/17/2006 1:08:57 PM
asp.net.classified-starter-kit
974 articles. 
0 followers.
0 Replies
936 Views
Similar Artilces:
when is secure, secure?
Lo everyone, I wrote a custom authentication handler for PureFTPD, using a combination of authentication methods, for about 4 different types of users. So far, from testing it, it does look to work properly, and does it's job pretty well (and fast). I use #!/usr/bin/perl -W as well as use Strict, and use warnings, and the code returns no errors or warnings when run. I am right to presume that this basically only really tells me the my syntax and structure of the application is right? What's a good way to see whether it is actually SECURE... There is a couple of lines of...
security too secure
Name: joe Product: Firefox Summary: security too secure Comments: The security thing won't let me in this sight no matter how I accept, confirm, get certificate, etc. https://www.vtext.com/customer_site/jsp/messaging_lo.jsp Browser Details: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.4; en-GB; rv:1.9.1b4) Gecko/20090423 Firefox/3.5b4 From URL: http://hendrix.mozilla.org/ Note to readers: Hendrix gives no expectation of a response to this feedback but if you wish to provide one you must BCC (not CC) the sender for them to see it. ...
How secure is secure?
Thanks to this group and all the high tech individuals who frequent it I have learned how to protect my PC from the inside out. But what about security risks to my info 'before' it gets to my computer? Like my mail box on the server. Could someone hack into that and thumb through my mail? If so, how would I ever know? (The short story) We have a rogue employee at my work who one day decided to run the web site, she got in tight with the ISP, got tools to set and delete passwords on a protected directory on the server. Who knows if she has telnet access to other things, li...
Any security issues using Impersonation along with Forms Authentication with Integrated Security (SQL SERVER 2000)?
I currently running a ASP.NET application (Visual studio 2003) with SQL Server 2000. For security I am using forms authentication and integrity security for sql server enabling the ASP.NET account. I am developing a module that create, delete and upload files on a network directory. If I set impersonation in the web config to true and specify a username/password will that conflict with my current security? Would it be better to make impersonation specific to this page? Any ideas on the approach? Thanks ...
differance between Persist Security Info and Integrated Security
hi i want to know what is the differance between Persist Security Info=False;Integrated Security=Yes;Nothing is really over,untill the moment stop trying for it...Amitsp(MCTS,MCP)sqlreporting.blogspot.com Hi, The Persist Security Info property specifies whether the data source can persist sensitive authentication information such as a password. The Integrated Security propery specifies the type of database authentication. If the property is set to be false, you have to set your userid and password manually and if it is set to be true you can pass the authenti...
(IN)SECURE Magazine from Net-Security (PDF download)
A little more light reading :-) Latest issue, #13: http://www.net-security.org/insecuremag.php (86 pages, with ads [not animated ads] - like a printed magazine) Archives of past issues: http://www.net-security.org/insecure-archive.php ISSUE 13 (September 2007) * Interview with Janne Uusilehto, Head of Nokia Product Security * Social engineering social networking services: a LinkedIn example * The case for automated log management in meeting HIPAA compliance * Risk decision making: whose call is it? * Interview with Zulfikar Ramzan, Senior Principal Re...
form security against security
i have a form in my website which is to be filled by user and that form stores in database(sql server 2005). but someone told me that anyone can run script in textboxes in that form and can damage database, so how to avoid such security lack. it is common practice to use parameterized sql statements or stored procs to insure you are protected from sql injections attacks. if you concatenate user input directly into a sql statement, then you are at risk.Mike Banavige~~~~~~~~~~~~Need a site code sample in a different language? Try converting it with: http://converte...
Problem with SQL Integrated Security
Hi, I'm running a DNN3.1.1 on W2K3 server on a one machine and SQL2000 on W2K3 in other machine. I need to used integrated security to access to SQL I put in web.config this lines: <add key="SiteSqlServer" value="Data Source=myserver;Initial Catalog=DotNetNuke_Des;Integrated Security=sspi;persist security info=false;trusted_connection=yes" /> <authentication mode="Forms"> <forms name=".DOTNETNUKE" protection="All" timeout="60" /> </authentication> <...
Secure connections: how secure are they?
*QUOTE* ......... both useful and malicious information can be transmitted via network connections. Standard solutions protect computers against threats present in standard network connections, but aren't able to counter threats present in secure connections. Verifying the contents of a secure connection is impossible by virtue of its secure nature, as demonstrated by the different types of protection listed above. As a result, malicious data within secure channels can cause a significant amount of damage, and sometimes more than if it were to be transmitted via a standard, non-s...
SQL Server Integrated Security
Hi All We are using PB6.5.1 EBF 1299 and connect to a sql server7.0 DB. We set the sqlca parameters during connection using a profile set up in the registry. If the sqlserver security authentication is set to 'Windows only' even if the info in the profile is wrong , the application will connect using the windows login info , which is right. But if the authentication is set to 'SQL Server and Windows', if the info in the profile is wrong the connection fails , it does not check for the windows authentication. Is it possible to connect in PB using Mixed mode ie some...
How secure is secure enough?
July 28, 2008 (Computerworld) This story originally appeared in Computerworld's print edition. If there is a Holy Grail in the information security industry, it surely is the answer to the question, "How secure is secure enough?" It's a question that many security managers have either avoided answering altogether or tried to quickly sidestep by throwing a fistful of mainly pointless operational metrics at anyone who cared to ask. http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=321921&intsrc=hm_list -- "Never d...
Security
This is a multi-part message in MIME format. --------------080100010401000103080002 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit I'm a Mac user 10.4.8 of Thunderbird 1.5.0.7 & am wondering how "Enabling FIPS" will improve my security? I can't seem to find any explanation of FIPS under Thunderbird help. -- Have a good day R Schwager --------------080100010401000103080002 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Tr...
Windows Security vs. SQL Server Security: Procedure?
I'm so new to DNN that I'm installing it on a development server for the first time. I'm following the procedures for installing DNN as set out in the book DotNetNuke ASP.NET Portals by Shaun Walker, et al. The book indicates two security paths for setting up the database for SQL Server 2000: 1. Windows Security and 2. SQL Server Security. Although it recommends Windows Security, it then provides the steps for SQL Server Security, which it acknowledges as the less secure of the two options. I understand why it proceeds down the SQL Server Security ins...
SQL Server Integrated Security
Hello Friends, I want to implement Integrated Security for SQL Server connection. Could you please tell me what the steps I need to follow inorder to achive this? FYI: IIS & SQL Server are in different machines. Thank you, Sree See if this helps you: http://weblogs.asp.net/AChang/archive/2004/04/15/113866.aspxThanks,MaxLet Me Google That For You!...
Lo everyone, I wrote a custom authentication handler for PureFTPD, using a combination of authentication methods, for about 4 different types of users. So far, from testing it, it does look to work properly, and does it's job pretty well (and fast). I use #!/usr/bin/perl -W as well as use Strict, and use warnings, and the code returns no errors or warnings when run. I am right to presume that this basically only really tells me the my syntax and structure of the application is right? What's a good way to see whether it is actually SECURE... There is a couple of lines of...
security too secure
Name: joe Product: Firefox Summary: security too secure Comments: The security thing won't let me in this sight no matter how I accept, confirm, get certificate, etc. https://www.vtext.com/customer_site/jsp/messaging_lo.jsp Browser Details: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.4; en-GB; rv:1.9.1b4) Gecko/20090423 Firefox/3.5b4 From URL: http://hendrix.mozilla.org/ Note to readers: Hendrix gives no expectation of a response to this feedback but if you wish to provide one you must BCC (not CC) the sender for them to see it. ...
How secure is secure?
Thanks to this group and all the high tech individuals who frequent it I have learned how to protect my PC from the inside out. But what about security risks to my info 'before' it gets to my computer? Like my mail box on the server. Could someone hack into that and thumb through my mail? If so, how would I ever know? (The short story) We have a rogue employee at my work who one day decided to run the web site, she got in tight with the ISP, got tools to set and delete passwords on a protected directory on the server. Who knows if she has telnet access to other things, li...
Any security issues using Impersonation along with Forms Authentication with Integrated Security (SQL SERVER 2000)?
I currently running a ASP.NET application (Visual studio 2003) with SQL Server 2000. For security I am using forms authentication and integrity security for sql server enabling the ASP.NET account. I am developing a module that create, delete and upload files on a network directory. If I set impersonation in the web config to true and specify a username/password will that conflict with my current security? Would it be better to make impersonation specific to this page? Any ideas on the approach? Thanks ...
differance between Persist Security Info and Integrated Security
hi i want to know what is the differance between Persist Security Info=False;Integrated Security=Yes;Nothing is really over,untill the moment stop trying for it...Amitsp(MCTS,MCP)sqlreporting.blogspot.com Hi, The Persist Security Info property specifies whether the data source can persist sensitive authentication information such as a password. The Integrated Security propery specifies the type of database authentication. If the property is set to be false, you have to set your userid and password manually and if it is set to be true you can pass the authenti...
(IN)SECURE Magazine from Net-Security (PDF download)
A little more light reading :-) Latest issue, #13: http://www.net-security.org/insecuremag.php (86 pages, with ads [not animated ads] - like a printed magazine) Archives of past issues: http://www.net-security.org/insecure-archive.php ISSUE 13 (September 2007) * Interview with Janne Uusilehto, Head of Nokia Product Security * Social engineering social networking services: a LinkedIn example * The case for automated log management in meeting HIPAA compliance * Risk decision making: whose call is it? * Interview with Zulfikar Ramzan, Senior Principal Re...
form security against security
i have a form in my website which is to be filled by user and that form stores in database(sql server 2005). but someone told me that anyone can run script in textboxes in that form and can damage database, so how to avoid such security lack. it is common practice to use parameterized sql statements or stored procs to insure you are protected from sql injections attacks. if you concatenate user input directly into a sql statement, then you are at risk.Mike Banavige~~~~~~~~~~~~Need a site code sample in a different language? Try converting it with: http://converte...
Problem with SQL Integrated Security
Hi, I'm running a DNN3.1.1 on W2K3 server on a one machine and SQL2000 on W2K3 in other machine. I need to used integrated security to access to SQL I put in web.config this lines: <add key="SiteSqlServer" value="Data Source=myserver;Initial Catalog=DotNetNuke_Des;Integrated Security=sspi;persist security info=false;trusted_connection=yes" /> <authentication mode="Forms"> <forms name=".DOTNETNUKE" protection="All" timeout="60" /> </authentication> <...
Secure connections: how secure are they?
*QUOTE* ......... both useful and malicious information can be transmitted via network connections. Standard solutions protect computers against threats present in standard network connections, but aren't able to counter threats present in secure connections. Verifying the contents of a secure connection is impossible by virtue of its secure nature, as demonstrated by the different types of protection listed above. As a result, malicious data within secure channels can cause a significant amount of damage, and sometimes more than if it were to be transmitted via a standard, non-s...
SQL Server Integrated Security
Hi All We are using PB6.5.1 EBF 1299 and connect to a sql server7.0 DB. We set the sqlca parameters during connection using a profile set up in the registry. If the sqlserver security authentication is set to 'Windows only' even if the info in the profile is wrong , the application will connect using the windows login info , which is right. But if the authentication is set to 'SQL Server and Windows', if the info in the profile is wrong the connection fails , it does not check for the windows authentication. Is it possible to connect in PB using Mixed mode ie some...
How secure is secure enough?
July 28, 2008 (Computerworld) This story originally appeared in Computerworld's print edition. If there is a Holy Grail in the information security industry, it surely is the answer to the question, "How secure is secure enough?" It's a question that many security managers have either avoided answering altogether or tried to quickly sidestep by throwing a fistful of mainly pointless operational metrics at anyone who cared to ask. http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=321921&intsrc=hm_list -- "Never d...
Security
This is a multi-part message in MIME format. --------------080100010401000103080002 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit I'm a Mac user 10.4.8 of Thunderbird 1.5.0.7 & am wondering how "Enabling FIPS" will improve my security? I can't seem to find any explanation of FIPS under Thunderbird help. -- Have a good day R Schwager --------------080100010401000103080002 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Tr...
Windows Security vs. SQL Server Security: Procedure?
I'm so new to DNN that I'm installing it on a development server for the first time. I'm following the procedures for installing DNN as set out in the book DotNetNuke ASP.NET Portals by Shaun Walker, et al. The book indicates two security paths for setting up the database for SQL Server 2000: 1. Windows Security and 2. SQL Server Security. Although it recommends Windows Security, it then provides the steps for SQL Server Security, which it acknowledges as the less secure of the two options. I understand why it proceeds down the SQL Server Security ins...
SQL Server Integrated Security
Hello Friends, I want to implement Integrated Security for SQL Server connection. Could you please tell me what the steps I need to follow inorder to achive this? FYI: IIS & SQL Server are in different machines. Thank you, Sree See if this helps you: http://weblogs.asp.net/AChang/archive/2004/04/15/113866.aspxThanks,MaxLet Me Google That For You!...