SQL Server 2008 and ASP.net Login Best Practice Question

Question

0.00/5 (No votes)

See more:

, +

I'm having to set up security for a web application where we will be having users outside of our domain logging in to access PHI (Patient Health Information) data. I would like to use the ASP.net login controls but have a question about best practices for the database for storing the login information.

Can the security login data be set up in a different database from the database containing the PHI data? Or do the tables containing the security data need to reside in the same database? We may have other application that we will need to use the asp.net controls and store the login information and I was thinking it was better to have it all in one database.

What does everyone else think? What have you done when it comes to security? Are there any links, articles, or white papers talking about best practices for securing login information?

Thanks,
Carolyn

Posted 22-Nov-11 10:38am

CARisk3

Add a Solution

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Eduard Lu · Answer 1 · 2011-11-22T15:38:00

Solution 1

Hi Carolyn,

There is no problem in using the same database as long as you encrypt the password field using md5, sha1, sha256, etc.

Regards,
Eduard

Posted 22-Nov-11 15:38pm

Eduard Lu