Secure Coding mailing list archives

RE: Credentials for Application use


From: Mikey <mike_chan_ () hotmail com>
Date: Thu, 12 May 2005 15:11:49 +0100

Chris,

Your situation is a little unique in that you encrypt the data with the 
password. The data backend I was referring to is simply a backend database 
like an SQL Server, Oracle 8i or DB2 data repository. All users need to do 
to get access to it is to authenticate to it and then have the right access 
controls to its tables/rows.

SSO may solve my problem but the problem I have right now is that SSO is 
not here for us yet. What I'd like to understand is from people with 
experience in this stuff who have not implemented enterprise SSO solutions 
so that I can get that light bulb above my head to work. :-)


Thanks.

At 11:00 AM 11/05/2005 -0500, Gizmo wrote:
Maybe I don't fully understand the concept of Single Sign-On.

As I understand it, SSO allows a user to login to an application portal, and
all of the applications that user accesses via that portal know who the user
is and what rights they have within their respective application realms.  As
such, it is a front-end technology; the back-end applications don't know
anything about this.  Since my application is a server in a client-server
architecture, it is a back-end app.  In any case, SSO wouldn't help the
situation where the data are encrypted by the password, if the data are
accessed by more than one user.  The idea behind this implementation is to
ensure that even if a bad guy gains access to the server and the data files
of the DB, he still can't get at the actual data without the key.

Or am I missing something?

Later,
Chris



