I am trying to provide an MSSQL database for our .NET website.
I wanted to divide the database into different schemas, so that we had a schema like “Account”, which had personal information, and schemas such as “Publishing”, which had common data of common content.
Each of these schemas will be available using different SQL user accounts, and each of them will need its own DBML, since they will require separate connection strings (we use LINQ to SQL).
My colleague claims that since we only have both of these accounts in our web.config, this project is no more secure than just using a single SQL Server account that has access to the entire database. There is no need to separate the schemas, since we do not use Windows-based authentication.
So my question is: who is right? Will database splitting be more secure? Or is it a waste of time since both SQL accounts will be located in the web.config file (even if they are encrypted)?
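The layout described in the question, written out as T-SQL. This is an added example, not part of the original post. The login and user names (`web_account`, `web_publishing`) and the passwords are placeholders, and the final query only reports what each database user is permitted to do in each schema.

```sql
-- Added example: names and passwords below are placeholders, not values from the post.
-- CREATE SCHEMA must be the first statement in its batch, hence the GO separators.
CREATE SCHEMA Account;
GO
CREATE SCHEMA Publishing;
GO

-- One SQL Server login per schema, matching the two connection strings
-- (and the two DBML files) the question describes.
CREATE LOGIN web_account    WITH PASSWORD = '<placeholder-password-1>';
CREATE LOGIN web_publishing WITH PASSWORD = '<placeholder-password-2>';
GO

-- Map each login to a database user whose default schema is its own.
CREATE USER web_account    FOR LOGIN web_account    WITH DEFAULT_SCHEMA = Account;
CREATE USER web_publishing FOR LOGIN web_publishing WITH DEFAULT_SCHEMA = Publishing;
GO

-- Grant data access on the user's own schema only. Nothing is granted on the
-- other schema, so access to it is refused unless some role grants it.
GRANT SELECT, INSERT, UPDATE, DELETE ON SCHEMA::Account    TO web_account;
GRANT SELECT, INSERT, UPDATE, DELETE ON SCHEMA::Publishing TO web_publishing;
GO

-- Report the effective permissions of each user on both schemas.
-- HAS_PERMS_BY_NAME returns 1 when the current user holds the permission, 0 when not.
EXECUTE AS USER = 'web_publishing';
SELECT USER_NAME()                                         AS db_user,
       HAS_PERMS_BY_NAME('Account',    'SCHEMA', 'SELECT') AS can_select_account,
       HAS_PERMS_BY_NAME('Publishing', 'SCHEMA', 'SELECT') AS can_select_publishing;
REVERT;

EXECUTE AS USER = 'web_account';
SELECT USER_NAME()                                         AS db_user,
       HAS_PERMS_BY_NAME('Account',    'SCHEMA', 'SELECT') AS can_select_account,
       HAS_PERMS_BY_NAME('Publishing', 'SCHEMA', 'SELECT') AS can_select_publishing;
REVERT;
GO
```

The script covers only what the database enforces per account. Both connection strings still sit in web.config, as the question notes.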