1 user per db

Discussion in 'Suggestions' started by Straw, Nov 10, 2009.

  1. Hello, Winhost,

    What is the reason for limiting a db to one user account? This severly impacts the ability to develop multiuser apps that control what individual users should have access to depending upon their role in the organization.

    Last edited by a moderator: Oct 14, 2015
  2. curtis

    curtis Winhost Staff

    We will take that as a suggestion for possible future enhancements.
  3. Why not use a security/role table instead of SQL security in the application?

    After all you can not tie the users on the Winhost SQL to your active directory.
    Last edited by a moderator: Oct 14, 2015
  4. Ray


    Sean is right. If you are developing an application that will access certain tables or data then it is better to create and implement forms authentication (ASP.Net Membersihp/Roles). This way the db login itself is hidden from the person accessing the web application. Depending on how the SQL statement is setup will limit the user logging into the application on what they can see and do on the database. You may want to look at this kb article for guidelines on how to setup ASP.Net membership/roles provider.

    Last edited by a moderator: Oct 14, 2015
  5. I will have to study the purpose and use of the security/role table before responding. I'm new to web dev, visual studio/VB and visual web developer. I'm old school client/server, distributed db/server. Bear with me.

    The goal is to use the user login to the db to:
    • restrict the read/write privs for modules, menus and selections within the application itself (not the db) by user
    • identify specific users generating errors by logging errors to an error table

    Just to cut to the chase, why limit the db to one user account?

    on edit: Thanks for the link to the article on how to setup ASP.Net membership/roles provider.

  6. curtis

    curtis Winhost Staff

    The reason is because we would have to build a system to manage sql users and its complicated. We had to stop developing our control panel at some point so that we can work on launching our business (which is not trivial either).

    Right now we want to get the word out there and grow. We'll take suggestions from our customers as to what improvements they would like to see and we'll take those suggestions and plan our next steps.
  7. Yes, I would like to see the having the option to have more than one user as well.

    Right now, the user and password for the database connection is that of the super DB user. So anyone in the team developing will know the super password. I want to restrict developers to one password where the DB person can grant stored procedure access to this class of users.
  8. Understood. But as curtis suggested, most hosts are not going to implement a complex system for creating db users with various levels of access. Not on a database that is included in the price of an inexpensive account. Those kinds of advanced features are what you pay a more expensive host for.

    We'll certainly consider every suggestion and request, but try to bear in mind that there has to be a balance between cost and development of features.
  9. Just to add my .02... You're right, it's not a big deal, but typically...

    I create 2 users for my databases, one that is used in the web application with just CRUD abilities -- the second is the admin, that is typically used when I need to do DB development -- create/manage tables, etc. -- and that is typically used via SSMS.

    If, for some reason I need more than CRUD abilities in the app (happened once in the last 3 years I think) I use the admin user.

    If there were those two types of users defined, I don't think you'd need to to make any system at all for db user management.


Share This Page