> This is a topic that has come up several times in the past.  
> I have always discouraged it, opting to go with an
> application-level security model.  My question is, is it
> possible to pass the NT user authentication information
> directly to the SQL server thru CF?  The goal would be to
> have the SQL server handle the security of the data.  Any
> thoughts, ideas, comments on if this is possible and how, and
> if it's a good idea or not, and why?

You may be able to do this using the CFIMPERSONATE tag. If you take this
approach, though, your application won't work with CFMX, which doesn't
support Windows account impersonation.

In general, I try to avoid using user-specific database logins within
applications for a couple of reasons. One reason is, if you have the luxury
of developing the application from scratch, it's pretty easy to rely on
application logins and an application security model expressed within the
data itself, rather than within the database. Using database logins requires
that you manage those logins with your specific database tools. Admittedly,
this is pretty easy using SQL Server and Windows authentication, but it's
not so easy with other databases, generally.

In addition, you may run into some performance issues, as each user will
require her own database connections.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
phone: 202-797-5496
fax: 202-797-5444