September 06, 2010     |
Home
FAQs
       SQL Server FAQ
       SQL Injection FAQ
       SQL Security Checklist
       SQL Server-Related Products
       SQL Server/MSDE-Based Applications
       SQL Server Version Database
Tools
       Lockdown Script
       Free Tools
       Free Analysis
       Group Policy Templates
       Commercial Tools
Community
       Discussions
       Links
About
Search
Network Toaster
SQL Security Forums
Note: SQLSecurity.com does not allow nor require registration due to privacy concerns for users. SQLSecurity.com is open and anonymous for all. Please report any abuse or profanity.
Reply To Message:
Posted By n/a on 2/10/2002 6:55:00 PM
Subject: ASP.NET session state
Message: No other logins aside from machinename\ASPNET and Administrators of course are granted access to the SQL Server. When I'm not familiar with is the meaning of the guest account which cannot be removed from tempdb. Reason for which I'm thinking of "relocating" the data to another database.

Another solution would be to encrypt the session data using a similar mechanism used by ASP.NET to encrypt ViewState/cookie data (that is, using the machine key defined in machiine.config).
UserName: 
Subject:  ASP.NET session state
Body:
  
Show Replies:


ActiveForums 3.6
Copyright 1999 by Chip Andrews   |  Privacy Statement  |  Terms Of Use