Is it secure to work with SQL Express in production?
Should I create a dedicated application pool and grant read / write permission to the user created by this pool on App_Data folder?
SQL Express can easily be made secure for professional application development. Unlike full SQL Server, which is ‘secure by default’, securing SQL Express really only requires a couple of things:
1) Figure out an appropriate authorization scheme for your authentication type (i.e. SQL or Windows security).
2) If you are using Windows authentication, then create the users and groups in AD first, and then create roles in SQL Express which map to the Windows groups.
3) If you are using SQL authentication, create or use a built-in database group and add database users to that group.
Regarding the IIS App_Pool process account, it is a best practice to use a dedicated (Windows user) process account for IIS, just as you should set up SQL Server with a dedicated process account.
Here’s a pretty good resource for SQL Server security practices.
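
The Windows-authentication steps described in the answer above, as an added T-SQL example that is not part of the original answer: it maps a dedicated IIS process account and an AD group to database roles that carry only the permissions they need. The domain `CONTOSO`, the database `AppDb`, the account and group names, and the role names are all hypothetical placeholders; `ALTER ROLE ... ADD MEMBER` assumes SQL Server 2012 or later.

```sql
-- Added example. Every name here (CONTOSO, AppDb, svc_webapp,
-- WebAppReaders, app_readwrite, app_readonly) is a hypothetical placeholder.
-- Run in SSMS or sqlcmd; GO is the batch separator of those tools.

USE [master];
GO
-- Server-level logins for Windows principals that already exist in AD.
-- No password is stored in SQL Server for either of them.
CREATE LOGIN [CONTOSO\svc_webapp]    FROM WINDOWS;  -- dedicated IIS app pool account
CREATE LOGIN [CONTOSO\WebAppReaders] FROM WINDOWS;  -- AD group of read-only users
GO

USE [AppDb];
GO
-- Database users mapped to those logins.
CREATE USER [CONTOSO\svc_webapp]    FOR LOGIN [CONTOSO\svc_webapp];
CREATE USER [CONTOSO\WebAppReaders] FOR LOGIN [CONTOSO\WebAppReaders];
GO

-- Roles carry the permissions; principals only receive role membership.
CREATE ROLE app_readwrite;
CREATE ROLE app_readonly;
GO
GRANT SELECT, INSERT, UPDATE, DELETE ON SCHEMA::dbo TO app_readwrite;
GRANT SELECT ON SCHEMA::dbo TO app_readonly;
GO

ALTER ROLE app_readwrite ADD MEMBER [CONTOSO\svc_webapp];
ALTER ROLE app_readonly  ADD MEMBER [CONTOSO\WebAppReaders];
GO

-- Check: list who ended up in which role.
SELECT r.name AS role_name, m.name AS member_name
FROM sys.database_role_members AS drm
JOIN sys.database_principals AS r ON r.principal_id = drm.role_principal_id
JOIN sys.database_principals AS m ON m.principal_id = drm.member_principal_id
WHERE r.name IN (N'app_readwrite', N'app_readonly');
```

Neither principal is added to `db_owner` or `sysadmin`, so a compromise of the web application is limited to data operations on the `dbo` schema.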