Question:
Is there a “best” way to design VB/ASP apps to deal with SQL (7.0) security? For example, in a WAN environment and a Web application where the app needs to set up SQL users, somebody or some ActiveX component has to have SQL Server Administrator rights. Is there any way around this? Or do you have any suggestions on where to locate information on this subject?
Answer:
The facilities of Windows NT are superior to the database for controlling password length, password aging, and reuse, and other security elements that are better done in the OS rather than the server.
That said, it is possible to use the fixed server roles to control access&151;perhaps a new “bogus” administrator group with the appropriate denies in place would suit your situation.