Thursday, 4 July 2019

Application-Level Authentication strategies

When the application is accessed using SQL Server Authentication, the application username/password credentials are encrypted and stored in a database table, and the supplied credentials are then checked to see whether they are valid.


When APIs/web services are accessed, the username/password credentials and security keys are encrypted and stored in configuration files, and the APIs/web services then validate those credentials.


When the application calls or connects to 3rd-party APIs, the 3rd-party API username/password and security keys are encrypted (column-level encryption) and stored in a database table, with TDE (Transparent Data Encryption) enabled at the database level. The 3rd-party APIs then validate those credentials.


When the application is accessed using Windows Authentication, the Windows usernames are stored in a database table and are then checked to see whether those users are valid.
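
The storage scheme described above for 3rd-party API credentials (column-level encryption in a database that also has TDE enabled), as an added T-SQL example that is not from the original post. The database AppDb, the table, key and certificate names, the passphrase placeholders and the sample secret are all assumptions.

```sql
-- Added example: every object name, passphrase placeholder and secret is constructed.
-- 1) TDE: encrypts the data and log files of AppDb (hypothetical database) at rest.
USE master;
-- Skip this statement if master already has a database master key.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<Replace-With-Strong-Passphrase-1>';
CREATE CERTIFICATE TdeServerCert WITH SUBJECT = 'TDE certificate (example)';
-- Back up TdeServerCert with its private key; the database cannot be restored elsewhere without it.
GO
USE AppDb;
CREATE DATABASE ENCRYPTION KEY
    WITH ALGORITHM = AES_256
    ENCRYPTION BY SERVER CERTIFICATE TdeServerCert;
ALTER DATABASE AppDb SET ENCRYPTION ON;
GO

-- 2) Column-level encryption: key hierarchy and table for the 3rd-party API credentials.
USE AppDb;
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<Replace-With-Strong-Passphrase-2>';
CREATE CERTIFICATE ApiSecretCert WITH SUBJECT = 'Protects ApiSecretKey (example)';
CREATE SYMMETRIC KEY ApiSecretKey
    WITH ALGORITHM = AES_256
    ENCRYPTION BY CERTIFICATE ApiSecretCert;

CREATE TABLE dbo.ThirdPartyApiCredential (
    ApiName      sysname        NOT NULL PRIMARY KEY,
    ApiUserName  nvarchar(100)  NOT NULL,
    ApiSecretEnc varbinary(512) NOT NULL  -- ciphertext only, never the plain secret
);
GO

-- 3) Store and read one credential. The API name is passed as the authenticator,
--    so ciphertext copied into another row does not decrypt (DECRYPTBYKEY returns NULL).
DECLARE @api sysname = N'ExamplePaymentsApi';
OPEN SYMMETRIC KEY ApiSecretKey DECRYPTION BY CERTIFICATE ApiSecretCert;

INSERT INTO dbo.ThirdPartyApiCredential (ApiName, ApiUserName, ApiSecretEnc)
VALUES (@api, N'svc_app',
        ENCRYPTBYKEY(KEY_GUID('ApiSecretKey'), N'constructed-sample-secret', 1, @api));

SELECT ApiName, ApiUserName,
       CONVERT(nvarchar(200), DECRYPTBYKEY(ApiSecretEnc, 1, ApiName)) AS ApiSecret
FROM dbo.ThirdPartyApiCredential
WHERE ApiName = @api;

CLOSE SYMMETRIC KEY ApiSecretKey;
```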



Database-Level Authentication strategies


•  When SQL Server Authentication is used to connect to SQL Server databases, the database credentials (username/password), database mappings and access permissions are set at the database level.

•  SQL Server validates the supplied database username/password before allowing access to the databases.

•  A valid, authorized user can access the databases only if the database user has the appropriate permissions for those databases.

•  When Windows Authentication is used to connect to the databases, the Windows username, database mappings and access permissions are set at the database level.