Please start any new threads on our new
site at https://forums.sqlteam.com. We've got lots of great SQL Server
experts to answer whatever question you can come up with.
| Author |
Topic |
|
smousumi
Starting Member
19 Posts |
 Posted - 2004-03-30 : 01:51:00
|
| Hii,What r the various Authetication modes in SQL Server.?Which one best regarding the security ? windows Authentication or server authentication.Can we pass windows user name and pwd in connectstring from front end?Help me out.Thanks....mousumi |
|
|
eyechart
Master Smack Fu Yak Hacker
3575 Posts |
Posted - 2004-03-30 : 02:08:19
|
quote:
Originally posted by smousumiWhat r the various Authetication modes in SQL Server.?
You can use Windows authentication or SQL authentication. The server itself can be put into two modes, one allowing only windows authenticated clients, the other allowing both windows authentication and SQL authentication (this is called Mixed Mode).quote:
Which one best regarding the security ? windows Authentication or server authentication.
Microsoft recommends using Windows authentication only. However, in the real world we have to deal with third party apps and most of the time using only windows authentication is not possible.Windows authentication is better in many ways. However, it is a little more complicated to set up. You need an WinNT domain or win2k Active directory environment, along with all the resources required to support such an environment (DNS, WINS, etc.) SQL authentication is simple, but you do not have much control over the accounts you setup. You simply create a user and password in SQL Server and grant that user access to your database using security roles. Being so simple has a downside, things like minimum password length, password expiration, auditing etc are not supported using SQL authentication.quote:
Can we pass windows user name and pwd in connectstring from front end?
The nice thing about windows authentication is that you do not need to pass a username and password in the connection string. Your connection is authenticated using the domain token you received when you authenticated yourself to the AD or domain. This type of authentication is transparent to the user, you only need to authenticate once when you login. However, you can specify a different domain user and password in the connectstring if you want.-ec |
 |
|
|
TSQLMan
Posting Yak Master
160 Posts |
Posted - 2004-03-30 : 21:28:16
|
| Just an FYI, if your front end is written in asp.Net or other Web Front end, that brings a whole new set of issues. If not Integrated Windows Security works well. |
|
|
|
|
|
|
|
|
Query - Security in SQL Server