IIS / SQL 7.0 authentication - best practices?

IIS / SQL 7.0 authentication - best practices?

Post by Pete Applet » Wed, 01 Aug 2001 01:08:35



I am trying to develop an intranet that will hold sensitive data.
Having looked at technet, I know that I can't use challenge / response
authentication on the IIS machine and integrated authentication on the
SQL machine (different servers), but all the workarounds look very
ugly.  It seems that I have a few choices:

1.  Use basic authentication for IIS, integrated for SQL.  However,
I'm then passing passwords over the network in plain text.  Also, I
still can't get it to work.
2.  Allow anonymous access to the web site, and add the IUSR...
account to SQL's users.  However, everyone then runs at the same
permissions and I lose user-level auditting (there are triggers that
record who did what for certain actions)
3.  Use standard security for SQL.  This, however, means storing the
user ID & password somewhere on the web server.

Presumably, there is a set of 'best practices' for doing this...
umm... what are they?

Thanks,

Pete Appleton

 
 
 

1. Best Practices: SQL 7.0 backup

I am the Network Administrator for a small ASP (Application Service
Provider) -- We are running IIS with .asp pages that connect to an SQL 7.0
SP1 server.  This server is running Windows 2000 Advanced Server in a
co-location in another state (over 1 hour driving distance).  We do not have
a WAN to this co-location, but we are using the standard W2K VPN as a full
time connection.

Will SQL 7.0 run a backup on-the-fly or do I have to shut down SQL and run
an off-line backup?  We have some global customers, so SQL can not be shut
down for any amount of time.

I have a few more questions, but I need this one answered first.

Thank you in advance,

TR

2. aliasss's

3. Accessing SQL 7.0 through ASP using SQL authentication rather than NT authentication

4. Help with FoxPro 2.6 for mac

5. sql 7 odbc from iis box to sql box using NT authentication

6. Packed Decimal algorithm for 4gl?

7. good (best) practice question

8. Problems In SQL Server but OK in Access...

9. IIS / ADO / SQL Authentication

10. IIS and SQL Windows Authentication

11. IIS & SQL, NT authentication for Web

12. IIS, SQL Server and NT Authentication

13. Q's on Integrated Windows Authentication across IIS and SQL Server 2000