--- Bob Provencher <[EMAIL PROTECTED]> wrote:
> We're talking about two different things. Windows authentication from the
> web server process to the database, not from the end user to the web server
> through to the database.

Kind of blows that whole protect your network from the web server thing, no? ;-)

There is an assumption in security best practices that web servers can be more easily compromised than internal systems, and thus anything the web server can do with its permissions should be as limited as possible. Allowing full access to a database would probably fit under the list of things not allowed. You could just as easily argue that if the web server is compromised, you are screwed anyway because the attack would probably have access to whatever technique you use to get database credentials.

One other complication is that the machine account can't (and shouldn't) be used to access a database on another server, so you have to run that web server appdomain as a network user. This requires putting a password in a config file.... and you are right back where you started.

=====
Philip - http://blogs.xcskiwinn.org/panmanphil
"There's a difference between righteous anger and just being crabby" - Barbara

===================================
This list is hosted by DevelopMentor® http://www.develop.com
View archives and manage your subscription(s) at http://discuss.develop.com
