T
Ted
I have read a lot about how ASP.NET uses IIS for authentication, and
how the default database server is MS SQL Server Express. But I have
the developer's version of MS SQL Server 2005 (along with MS Visual
Studio 2005, and I downloaded .NET v 3.0)
But, I also have MySQL and PostgreSQL installed, and I'd like to be
able to use any of the three database servers to support
authentication.
Also, is it possible to mix ASP.NET v2 or v3 (on IIS) pages with ASP
pages (written in Perl and deployed on Apache webserver) and JSP and
servlets (probably with some pages running on Tomcat and others on,
e.g., Sun's application server)? Call me paranoid, but I don't to
leave all my security eggs in one basket, unless it proves to be
impossible to find a way to develop a combination (e.g. JScript for
client side validation, Perl for server side validation, Security
services available in Java for JSP and servlets, database servers that
will respond only to requests that come from a machine on the same
subnet and behind the same firewall, &c.).
What I want to do can't be that unusual! Can anyone point me to a
documented example, in which the documentation discusses pros and cons
and best practices for making web applications as secure as
practicable? Unfortunately, all my references that discuss web
application security focus on a single technology and none discuss the
pros and cons and "how to" of using different technologies together.
Thanks
Ted
how the default database server is MS SQL Server Express. But I have
the developer's version of MS SQL Server 2005 (along with MS Visual
Studio 2005, and I downloaded .NET v 3.0)
But, I also have MySQL and PostgreSQL installed, and I'd like to be
able to use any of the three database servers to support
authentication.
Also, is it possible to mix ASP.NET v2 or v3 (on IIS) pages with ASP
pages (written in Perl and deployed on Apache webserver) and JSP and
servlets (probably with some pages running on Tomcat and others on,
e.g., Sun's application server)? Call me paranoid, but I don't to
leave all my security eggs in one basket, unless it proves to be
impossible to find a way to develop a combination (e.g. JScript for
client side validation, Perl for server side validation, Security
services available in Java for JSP and servlets, database servers that
will respond only to requests that come from a machine on the same
subnet and behind the same firewall, &c.).
What I want to do can't be that unusual! Can anyone point me to a
documented example, in which the documentation discusses pros and cons
and best practices for making web applications as secure as
practicable? Unfortunately, all my references that discuss web
application security focus on a single technology and none discuss the
pros and cons and "how to" of using different technologies together.
Thanks
Ted