using an SQL Table as the source for sql logins?

Posted on 2012-08-31
Last Modified: 2012-08-31
Hi all,

Im just wondering if its possible to use an SQL table as the source for SQL logins, basically i want the logged in users credentials to log in as the sql connection string.

ID presume thats how most login sites do it? or do they have a connection string with 1 login? is that secure?

Question by:awilderbeast

    Assisted Solution

    i cant speak for all software developers but the most of them are using a connection string for login to sql servers and implement the security as a part of their software.
    LVL 142

    Assisted Solution

    by:Guy Hengel [angelIII / a3]
    you can of course create as many sql logins as you want, and use that one for the connection.
    otherwise, if you created your own table, you use 1 single sql login for the connection string, and do a "application wise" login (checking the username/password) in your own table.
    LVL 49

    Accepted Solution

    As far as I know standard practice is

    App has a login to SQL
    Table in database stores app logins.

    I don't think one is more secure than the other - I usually store connection strings in a resource that is not browsable (file / registry) so the only way to get it is to get access to the physical server. Or using preferably using Integrated security so only the IIS user account has access.

    Creating a new user in SQL for each new login is possible but quite complex compared to adding a row to a table. One could argue it is more secure than the stored user name and password method but it is on a par with Integrated security so I would go with that.

    Setup your server with integrated security and manage the logins in a table.
    LVL 1

    Author Closing Comment


    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Why You Should Analyze Threat Actor TTPs

    After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

    Naughty Me. While I was changing the database name from DB1 to DB_PROD1 (yep it's not real database name ^v^), I changed the database name and notified my application fellows that I did it. They turn on the application, and everything is working. A …
    In this article I will describe the Backup & Restore method as one possible migration process and I will add the extra tasks needed for an upgrade when and where is applied so it will cover all.
    It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
    Hi everyone! This is Experts Exchange customer support.  This quick video will show you how to change your primary email address.  If you have any questions, then please Write a Comment below!

    760 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    10 Experts available now in Live!

    Get 1:1 Help Now