I'm working on a web app which will be hosted on the client's server.

There are various restrictions/security measures in place and I'm concerned that these can be "hacked" because the client will have direct access to the ASP.NET user database through SSMS.

I can think of a few ways to stop the user from doing this, but I'm interested to find out whether there are any specific standards that I should follow?

Sam

1 Answer

If the client has direct administrative access to the database, there's not much you can do. If these are the client's login details - why is this then a problem?

Paddy
  • For example, the client is limited to 50 users, or the client shouldn't have the ability to log in as a SuperUser into the application. –  May 24 '10 at 12:19
  • @vikp - this should probably be something you write into your code if you don't want the clients to exceed it. As for the super user thing - you're selling them the software, they should be able to use it as they please (but can possibly be advised against doing). – Paddy May 24 '10 at 13:01
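
One way to act on the comment about writing the limit into code, as an added example that is not part of the original thread: the user limit is read from a vendor-signed license instead of a database row, so editing the database through SSMS cannot raise it. `LicenseGate`, the `maxUsers` payload format and the demo key pair are assumptions; the check still runs on a server the client controls, so it guards against database edits, not against modification of the application itself.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

public static class LicenseGate   // hypothetical name, not from the original post
{
    // Returns the user limit from a vendor-signed license string.
    // Throws if the signature does not verify, so an edited limit is rejected.
    public static int ReadMaxUsers(string payload, byte[] signature, RSA vendorPublicKey)
    {
        byte[] data = Encoding.UTF8.GetBytes(payload);
        if (!vendorPublicKey.VerifyData(data, signature,
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1))
            throw new CryptographicException("License signature is invalid.");

        foreach (string field in payload.Split(';'))
        {
            string[] kv = field.Split('=');
            if (kv.Length == 2 && kv[0] == "maxUsers")
                return int.Parse(kv[1]);
        }
        throw new FormatException("License has no maxUsers field.");
    }

    // Call before creating an account; currentUsers is counted from the user store.
    public static bool CanCreateUser(int currentUsers, int maxUsers)
    {
        return currentUsers < maxUsers;
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed key pair for the demo; a deployed app would hold only the public key.
        using (RSA vendorKey = RSA.Create(2048))
        {
            string payload = "customer=example;maxUsers=50";   // constructed license
            byte[] sig = vendorKey.SignData(Encoding.UTF8.GetBytes(payload),
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            int max = LicenseGate.ReadMaxUsers(payload, sig, vendorKey);
            Console.WriteLine(LicenseGate.CanCreateUser(49, max));
            Console.WriteLine(LicenseGate.CanCreateUser(50, max));
            // A license edited to raise the limit no longer matches the signature.
            try { LicenseGate.ReadMaxUsers(payload.Replace("=50", "=500"), sig, vendorKey); }
            catch (CryptographicException e) { Console.WriteLine(e.Message); }
        }
    }
}
```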