ASP.NET has stock classes for Roles and Memberships. We can use aspnet_regsql.exe to create the login database. The login database created by aspnet_regsql.exe is separate from the application database so that multiple applications can use the same login database.
My question is, what are the security implications of using a separate database? Is it better to use a single database (with login and app data) to reduce surface error (i.e., a single connection to one database)?
As long as you are telling ASP.NET Membership to store your passwords as a hash, then there’s no risk to the data being compromised. Putting the data in a separate database won’t necessarily protect it – if the database is on the same server then a join can still be accomplished using a fully-qualified object name [database].[schema].[table] to join tables from different databases.
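The cross-database join mentioned in the answer, with two checks an administrator can run against it, as an added T-SQL example that is not part of the original question or answer. The database names `aspnetdb` and `AppDb`, the table `dbo.Orders` with its columns, and the login `membership_svc` are assumptions; `aspnet_Users`, `aspnet_Membership` and the `aspnet_Membership_FullAccess` role are the objects aspnet_regsql.exe creates.

```sql
-- Assumed names: aspnetdb (membership database), AppDb (application database),
-- dbo.Orders / CustomerUserId (hypothetical application table and column),
-- membership_svc (hypothetical login).

-- 1. When one login is mapped into both databases, a three-part name
--    crosses the database boundary in a single statement.
USE AppDb;
SELECT o.OrderId, u.UserName, m.Email
FROM dbo.Orders AS o
JOIN aspnetdb.dbo.aspnet_Users      AS u ON u.UserId = o.CustomerUserId
JOIN aspnetdb.dbo.aspnet_Membership AS m ON m.UserId = u.UserId;

-- 2. Audit: server logins that have a user in BOTH databases, i.e. the
--    principals for which the separate database adds no isolation.
--    (sysadmin members reach every database and are not listed here.)
SELECT sp.name AS login_name, sp.type_desc
FROM sys.server_principals AS sp
JOIN AppDb.sys.database_principals    AS a ON a.sid = sp.sid
JOIN aspnetdb.sys.database_principals AS b ON b.sid = sp.sid
WHERE sp.type IN ('S', 'U', 'G');   -- SQL login, Windows login, Windows group

-- 3. Audit: how the membership provider is actually storing passwords.
--    PasswordFormat: 0 = Clear, 1 = Hashed, 2 = Encrypted.
SELECT PasswordFormat, COUNT(*) AS accounts
FROM aspnetdb.dbo.aspnet_Membership
GROUP BY PasswordFormat;

-- 4. Separation that holds on a shared server: the membership connection
--    string uses its own login, mapped only into aspnetdb, while the
--    application's login has no user there, so query 1 fails for it.
USE aspnetdb;
CREATE USER membership_svc FOR LOGIN membership_svc;
ALTER ROLE aspnet_Membership_FullAccess ADD MEMBER membership_svc;  -- SQL Server 2012+
```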