Questions on site security

Discussion in 'ASP .Net' started by Robert Dufour, May 8, 2007.

  1. 1- The standard security provider uses SQL express and is known as
    AspNetSqlProvider and ituses SQL express. Playing around with it on my dev
    environment I find that if I open it with the Sql server management studio
    and attach it I induce errors in the application that is running.
    That means that it is probably not possible to do maintenance on the
    database when the site is running.
    I have found that apps using the standard sql server 2005 allow you to use
    management studio without problem when the site is running, Question is,
    would it not be more reliable to use sql server full version instead of the
    express version? and if so, how would you do that? ie send all the stuff
    required to a full version of sql server instead of an express version. It
    looks like ther might be a lot of stuff needed. Also is not sql express
    limited to the number of connections and would that not cause a problem if
    the number of user of the site went up significantly?

    2- Often I would think, the login users of the site are also either
    customers or , if the site is being used for some administrative task,
    employees. In any case the membership table would need to be made to have
    some relation to either a customers table or an employee table. For instance
    if an employee leaves and you delete or deactivate his/her record you could
    automatically delete or deactivate his/her membership record. Would it not
    be better if all the tables for the membership and all the procedures were
    in the same database as the other tables for the app?

    3- How the devil do they do the encryptions, I am looking at the insert and
    update statements in the stored procedures and there is not one iota of code
    that does encryption, yet the colums are encrypted. If I wanted to make a
    windows app for my login administrators how would I get the columns that
    need encryption encrypted. There must be a call made thru a dll somewhere.
    Anyone know what it is?

    Thanks for any help.

    Robert Dufour, May 8, 2007
    1. Advertisements

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. suzy
  2. Michael Pearson
    Michael Pearson
    Jul 31, 2003
  3. Dinis Cruz

    Asp.Net Security Analyser (new security tool by DDPlus)

    Dinis Cruz, Oct 8, 2003, in forum: ASP .Net Security
    Dinis Cruz
    Oct 11, 2003
  4. Michael Randrup
    Henning Krause [MVP]
    Mar 27, 2006
  5. Kursat
    Dominick Baier
    May 7, 2007

Share This Page