I’ve been reading Craig McMurtry’s series on Application Security. It is interesting stuff, especially the use of ADAM as a repository for application security information. I certainly can understand why you would want to store user information in a central repository, but I am still struggling with the idea of storing all of the authorization information outside of the application database. What happens in a multi-database scenario? A user may have access rights to certain information in a database for one company, but not in the database for another company. Also, by moving the roles and role assignments out of the database, when I back up the database, I don’t back up that information. I guess if ADAM actually ran in Windows 2000 Server I would be a bit more concerned, but at this point it is going to be a few more years before the majority of my clients are running W2K3 Server.
October 31, 2004, Darrel Miller
Application Security