Best Security For Small Database
-
Howdy! I'm creating an application to keep track of people at an event. The app will run on a Windows 7 laptop, and have no network connectivity (I believe that means it's single tier?). The app is going to be written in C# 2008 Express, with the database in SQL Server 2008 Express. Here's the security concerns for the app: About 8 people (door volunteers) will use the app in a night, to register dancers when they arrive. Every half hour, the volunteer changes. The volunteers are highly computer challenged (or must be assumed to be so). I don't want a windows login for each volunteer. The app will prompt for the volunteer to "log in" to the app, as their shift starts. I'm considering a single windows user for the whole app. The volunteer app "login" will just be a record of whose at the door at a giving time. Here's my question: Is the best way to set up the database security to create the app user in windows, or to use SQL Authentication from within the program? What considerations indicate the best choice? Thanks, Jess
-
Howdy! I'm creating an application to keep track of people at an event. The app will run on a Windows 7 laptop, and have no network connectivity (I believe that means it's single tier?). The app is going to be written in C# 2008 Express, with the database in SQL Server 2008 Express. Here's the security concerns for the app: About 8 people (door volunteers) will use the app in a night, to register dancers when they arrive. Every half hour, the volunteer changes. The volunteers are highly computer challenged (or must be assumed to be so). I don't want a windows login for each volunteer. The app will prompt for the volunteer to "log in" to the app, as their shift starts. I'm considering a single windows user for the whole app. The volunteer app "login" will just be a record of whose at the door at a giving time. Here's my question: Is the best way to set up the database security to create the app user in windows, or to use SQL Authentication from within the program? What considerations indicate the best choice? Thanks, Jess
That all sounds reasonable. A concern I see is the amount of time spent changing users. If there's a line of dancers waiting to be checked in and out, you may not want to wait for Windows to log out and back in and restart the app. So I would have users as a feature of the application. A supervisor-type user can add and remove users. And a user would log into the app by menu or drop-down -- you may or may not ask for a password. So, I would have a User table which contains the details of each user. The ID of the user can then be attached to the various actions (check-in, check-out) taken within the system.
-
Howdy! I'm creating an application to keep track of people at an event. The app will run on a Windows 7 laptop, and have no network connectivity (I believe that means it's single tier?). The app is going to be written in C# 2008 Express, with the database in SQL Server 2008 Express. Here's the security concerns for the app: About 8 people (door volunteers) will use the app in a night, to register dancers when they arrive. Every half hour, the volunteer changes. The volunteers are highly computer challenged (or must be assumed to be so). I don't want a windows login for each volunteer. The app will prompt for the volunteer to "log in" to the app, as their shift starts. I'm considering a single windows user for the whole app. The volunteer app "login" will just be a record of whose at the door at a giving time. Here's my question: Is the best way to set up the database security to create the app user in windows, or to use SQL Authentication from within the program? What considerations indicate the best choice? Thanks, Jess
Do NOT use windows logon within the database security. Create a "functional" id in sql server with a usedid and password, have the application use this ID as the credentials to connect to the database. Manage the user security within the application rather than use windows/sql security. As Piebal suggested have a used table with credentials that can be managed from within your application by an administrator (you presumably)
Never underestimate the power of human stupidity RAH
-
Howdy! I'm creating an application to keep track of people at an event. The app will run on a Windows 7 laptop, and have no network connectivity (I believe that means it's single tier?). The app is going to be written in C# 2008 Express, with the database in SQL Server 2008 Express. Here's the security concerns for the app: About 8 people (door volunteers) will use the app in a night, to register dancers when they arrive. Every half hour, the volunteer changes. The volunteers are highly computer challenged (or must be assumed to be so). I don't want a windows login for each volunteer. The app will prompt for the volunteer to "log in" to the app, as their shift starts. I'm considering a single windows user for the whole app. The volunteer app "login" will just be a record of whose at the door at a giving time. Here's my question: Is the best way to set up the database security to create the app user in windows, or to use SQL Authentication from within the program? What considerations indicate the best choice? Thanks, Jess
Q. Why do you need each volunteer to be separately logged in? Do you need to keep track of who let in whom? Assuming you're not too concerned about someone trying to steal or knacker the database then the type of security doesn't really matter - integrated or not that is. You could do something as simple as asking them to type in their name (selection from a drop down could be risky - what if someone volunteers in another user's place?) and then log that in the database. Disable the entry of the name on a login/logout button and bob's your uncle.
___________________________________________ .\\axxx (That's an 'M')