The security needs of the Corporate Media Library (CML) application are simple. Two discrete user groups have access to the CML application:
Security requirements differ for the two groups.
When a user first accesses the CML application no security requirements are exercised. When a user wants to issue a request to check out a title the user's logon information is examined. It is presumed that the user has already logged on to the network using a Microsoft® Windows NT® account.The client-side component UserInfo gets the logon name for the client computer. About the UserInfo Component describes this component in detail. The client must have the UserInfo component installed; if it is not installed the user is requested to install it. The user's logon name is then verified against the Microsoft Exchange Server directory. The strength of this approach is that it prevents unnecessary broadcast of the plain text client password by less secure browsers.
In addition, a select group of CML users can view the CML administrative Web page and access administrative functions. Restricting Administration Access describes how access is managed.
A CML application user passes through two stages of security when accessing the CML SQL Server™ database: authentication and permissions validation. The authentication stage identifies the user using a logon account and only verifies the ability to connect with SQL Server. If authentication is successful, the user connects to SQL Server.
SQL Server can operate in one of two security (authentication) modes:
The CML's SQL Server database uses Windows NT Authentication. SQL Server trusts that the account name and password were validated when the user logged onto Windows NT and does no further verification. This is often referred to as a trusted connection. Windows NT Authentication Mode is not available when SQL Server is running on Microsoft Windows® 95 or Windows 98.
Next the CML user needs permissions to access databases on the server. The data in the library database is not considered high-security information and the developers decided to use role-based security for all CML application database access. The application uses a default user designated as "sa" (system administrator).
Note The content of the CML application data connection parameters, found in the global.asa file, shows the absence of a password and a default user "sa".
The CML application's approach to security is clearly not appropriate when high security is required, for example, in a payroll or banking application. Windows NT user-account access is recommended when the tightest security is required. Using database roles to implement role-based security offers ease of management at the cost of less specifically assigned access to database objects.
Only read access is required to view Exchange Server directory information, because the CML application does not add, change, or delete information in the directory. Enabling anonymous LDAP in Exchange Server is the only permission required for access to information in the Exchange Server directory. Values for parameters required to access Exchange Server are found in global.asa.