We have created an application in VB6 where mulitple clients access a SQL
Server 2000 database. The application uses the 3tier model. We currently hav
e
20 users, but this will probably increase exponentialy. All users uses the
same SQL username and password and we handle the security in the application
.
I need advice on where and how to store the sql login username and password.
Thank you.If you are using three tiers, the safest place for the USR and PWD is in the
middle tier.
Assuming a COM+ object, you get the administrator to assign the account and
password to the middle tier. Assuming that no one has direct access to that
machine, then the password is pretty safe.
If you manage it all from the client tier, then you must store the passwords
somewhere, encrypt it somehow, and protect the knowledge of how to decrypt
it. There are several routines available out there (try GOOGLE) that you
can use for the encrypt / decrypt.
Russell Fields
"Hugo" <Hugo@.discussions.microsoft.com> wrote in message
news:7137E0FF-D18F-4FBB-B167-EB63C93FEC44@.microsoft.com...
> We have created an application in VB6 where mulitple clients access a SQL
> Server 2000 database. The application uses the 3tier model. We currently
have
> 20 users, but this will probably increase exponentialy. All users uses the
> same SQL username and password and we handle the security in the
application.
> I need advice on where and how to store the sql login username and
password.
> Thank you.
>|||We have not moved to COM+ yet. I wanted to know if there is any standard
practice for client apps.
I will now the registry with ecryption.
Thank you.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment