Of course the "right" way to do it would be to have the database back-end manage authentication, but this turns into a support nightmare for the developer. Take it from someone who's been there -- if you do it the "right" way, you'll end up spending most of your valuable tech support engineers' time supporting MS SQL or ORACLE or DB2 issues, when they really should only be supporting the application itself. It is tempting to just say, "Well, that's a Microsoft/Oracle/IBM problem" if you're that tech support engineer. But in the end you must support your customer. This means that now all your support engineers have to become experts in five different database packages -- that's not going to happen!
Dig Deeper on SQL Server Security
Related Q&A from Steven Andres
Find how to create a SQL Server 2000 login account and then set user account rights to specific databases with "db_owner." Continue Reading
Learn why SQL Server 2000 connection is lost on the client side when database administrator changes 'SA' password on the SQL Server domain. Continue Reading
Learn how to create a SQL Server user authentication schema having password and tracked data changes requirements and how it involves Windows ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.