Guidelines For Designing Access Control For Databases On The Web Server

By Author: unknownmem
Total Articles: 128
Comment this article

Backend databases, databases installed on a server other than the A+ certificate(http://www.aplus-220-701.com)
Web server, are often a part of an IIS application. However, databases can also be installed directly on the Web server. To secure databases use the following guidelines:
Use the security features of the database.Many databases have built-in controls that specify user accounts and provide granular access controls for administration, applications, and data tables.
Control Web-based access to the database.Some database access controls,such as those produced by the Microsoft FrontPage 2000 to provide access to a
database, include provisions for authentication before the database can be accessed. If the application is developed in-house, provide controls over access
via Web pages.
Control Web-based access to databases that use ODBC.Set password settings for the Data Source Name (DSN). The DSN is used by an active server page
or other application to refer to the database.
Use NTFS as appropriate to restrict access. Databases can restrict access via database resident controls. ...
... The NTFS permissions set on the database file itself might not be relevant except to provide system and administrative access for file management.
Use Web authentication methods to control access to the Web server.The use of user credentials for database access can be configured. Consider whether this is the appropriate solution for the type of A+ Exams(http://www.aplus-220-701.com)
database access required.
Recording who is accessing the Web server and what is happening on the Web server can help you detect possible attacks and understand how an attack occurred, as well as gather evidence that might assist in locating and prosecuting the person who attacked the site.
Keep different file types in separate directories, and set appropriate NTFS permissions.Recommendations on the best way to do this are outlined in
Table 13-1.
This is an account provided for compatibility with IIS 5.0. It is possible to run the Web server in IIS isolation mode instead of the worker process isolation mode provided in IIS 6.0. When applications are run in IIS isolation mode, they are run in the context of the highly privileged local system account. Applications can also be run out-of-process, and then the YWAM_computername is used. This account has fewer privileges on the server.
A process identity is the Windows account that a process runs under Free MCSE PDF questions(http://www.examshots.com/certification/MCSE-2003-50.html)
. When anonymous access is allowed, the IUSR_computername is the process identity.