容纳 .Net ASPNETDB 成员资格和角色数据库的最佳位置

发布于 2024-10-28 00:33:47 字数 520 浏览 3 评论 0原文

我目前正在开发一个业务应用程序,最终将托管在 .Net 托管公司。托管公司提供 1 个 MSSQL DB(2 个用户)和无限数量的 MySQL DB。购买第二个 MSSQL DB 是不可能的,因为我的老板不想再为托管付费。我正在尝试确定容纳 ASPNETDB 以进行站点身份验证和角色的最佳位置。

我的第一个想法是利用其中一个 MySQL 数据库来实现此目的,但我注意到似乎需要一些跳跃才能完成此选项。另一种选择可能是将 ASPNETDB 保留在 Express DB 文件中。

最后,我还考虑过将其与应用程序表一起存放在 MSSQL DB 中。这个选项让我感到害怕,因为如果我不小心搞砸了应用程序中的某些内容,ASPNETDB 表可能会受到 SQL 注入的影响。当然,我会尽力确保这种情况不会发生,但我想知道我有额外的安全层,知道它位于自己的数据库中。

托管公司确实允许两个 MSSQL DB 用户,因此从理论上讲,这将允许我拥有一个专用于身份验证的用户,并限制另一个用户一起访问 ASPNETDB 表。

作为一名开发人员,您会推荐什么方法?预先感谢您的帮助。

I am currently developing a business application that will ultimately be hosted at a .Net hosting company. The hosting company provides 1 MSSQL DB (with 2 users) and an unlimited number of MySQL DBs. Purchasing a second MSSQL DB is out of the question as my boss doesn't want to pay any more for the hosting. I am trying to determine the best place to house the ASPNETDB for site authentication and roles.

My first thought was to take advantage of one of the MySQL DBs for this purpose but have noticed that it appears to take some hoop jumping to accomplish this option. Another option may be to keep the ASPNETDB in a Express DB file.

Finally, I have also thought about housing it in the MSSQL DB with the application tables. This option scares me because if I accidentally screw something up in the application, the ASPNETDB tables could be open to SQL injection. Of course, I will do my best to ensure this won't happen anyway, but would like to know I have that extra layer of security knowing it is housed in its own DB.

The hosting company does allow two MSSQL DB users, so this in theory would allow me to have one user dedicated to authentication and restrict the other user from being able to access the ASPNETDB tables all together.

As a fellow developer, what method would you recommend? Thanks in advance for your help.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

蓝咒 2024-11-04 00:33:47

使用 MSSQL DB 并使用预配置的 ASP.NET 成员资格提供程序和角色提供程序。这是最简单的方法。限制表级访问并仅使用存储过程。

Use the MSSQL DB and use the preconfigured ASP.NET Membership provider and Roles provider. This is the easiest method. Restrict Table level access and use only Stored Procedures.

一绘本一梦想 2024-11-04 00:33:47

听起来你对这些东西有点陌生,对吗?因此,不要给自己制造太多的麻烦。不要尝试将其放入 mysql,那是一个错误。我知道它是免费的,但它是为与 MSSQL 一起使用而编写的。是的,使用其他用户是个好主意。只需确保清理您的输入并在 SQL 语句上使用属性,或者更好的是至少使用类似 ORM 的实体框架或 Linq to SQL。

Sounds like you are a bit green to this stuff, am I correct? Because of that dont create too many headaches for your self. Dont try to put it in mysql, thats a mistake. I know its free, but it was written to work with MSSQL. Yes, using the other user is a good idea. Just be sure to sanitize your inputs and use properties on your SQL statements or better yet use an ORM like entity framework or Linq to SQL at the least.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文