Database Design Issue
-
I'm building a web application which has lots of users, each with lots of security rules. what is better??? 1- to make a table for users and another table for permissions. and insure by coding(in ASP.NET for example) the security 2- to create for each user in the system new user in the DBMS itself and assign the security from the database. Thanks in Advance
-
I'm building a web application which has lots of users, each with lots of security rules. what is better??? 1- to make a table for users and another table for permissions. and insure by coding(in ASP.NET for example) the security 2- to create for each user in the system new user in the DBMS itself and assign the security from the database. Thanks in Advance
First one is better,because the users are specific to your application not your DB. if u create a user in db even when ur Application is Down . hte users can access the DB directly and update the DB. use the Design which is specific to ur application.
If U Get Errors U Will Learn If U Don't Get Errors U Have Learnt
-
I'm building a web application which has lots of users, each with lots of security rules. what is better??? 1- to make a table for users and another table for permissions. and insure by coding(in ASP.NET for example) the security 2- to create for each user in the system new user in the DBMS itself and assign the security from the database. Thanks in Advance
Mostafa Siraj wrote:
I'm building a web application which has lots of users, each with lots of security rules. what is better??? 1- to make a table for users and another table for permissions. and insure by coding(in ASP.NET for example) the security 2- to create for each user in the system new user in the DBMS itself and assign the security from the database.
Number 2 is a bad idea because every time you create a user from your ASP.NET application you will have to supply the database with sufficient permission to perform that action. If your application is attacked, do you really want the attacker to have the ability to create users in the database? Number 2 is also a bad idea from a performance perspective. It means you won't be able to take advantage of the pooling of connections in your ASP.NET application as each user will be using a different connection. If they all use the ASP.NET user connection then you get the advantages of connection pooling. So, by a process of elimination the answer seems to be #1. However, you can implement some of this in SQL Server by using Stored procedures and passing in a user ID and constraining the data returned based also on the user.
Upcoming FREE developer events: * Developer Day Scotland Recent blog posts: * Follow up on hiring a software developer * Aarrgghh!! Accidentally pressing the Caps Lock key My website | blog
-
I'm building a web application which has lots of users, each with lots of security rules. what is better??? 1- to make a table for users and another table for permissions. and insure by coding(in ASP.NET for example) the security 2- to create for each user in the system new user in the DBMS itself and assign the security from the database. Thanks in Advance
Hello, Why dont you try ASP.NET security? Nice website for some ideas: http://weblogs.asp.net/scottgu/archive/2006/02/24/ASP.NET-2.0-Membership_2C00_-Roles_2C00_-Forms-Authentication_2C00_-and-Security-Resources-.aspx[^] Regards, Adeel
Do rate the reply, if it helps or even if it doesnot, because it helps the members to know, what solved the issue. Thanks.
-
I'm building a web application which has lots of users, each with lots of security rules. what is better??? 1- to make a table for users and another table for permissions. and insure by coding(in ASP.NET for example) the security 2- to create for each user in the system new user in the DBMS itself and assign the security from the database. Thanks in Advance
The first is better. Easier to maintain and look at the reason Colin said for #2 in his reply.
"Real programmers just throw a bunch of 1s and 0s at the computer to see what sticks" - Pete O'Hanlon