0

I'm working on the web app which will be hosted on the client's server.

There are various restrictions/security measures in place and I'm concerned that these can be "hacked" because the client will have a direct access to the ASP.Net user database through the SSMS.

I can think of few ways to stop the user from doing this, but I'm interested to find out whether there are any specific standards that I should follow?

Improve this question

1 Answer 1

Reset to default
1

If the client has direct administrative access to the database, there's not much you can do. If these are the client's login details - why is this then a problem?

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

For example client is limited to 50 users, or client shouldn't have an an ability to log in as a SuperUser into the application.
@vikp - this should probably be something you write into your code if you don't want the clients to exceed it. As for the super user thing - you're selling them the software, they should be able to use it as they please (but can possibly be advised against doing).

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.