Hi,
I just wanna know the pros and cons while using XML string as argument to the procedure. Which one will be better in terms of security and performance.
regards
Aneesh R.
That depends on what you want to do with the parameter. Could you please be a bit more specific?
Best regards
Michael
"Aneesh" <aneesh.r@.eostek.com> wrote in message news:%23TD84aoiEHA.1356@.TK2MSFTNGP09.phx.gbl...
Hi,
I just wanna know the pros and cons while using XML string as argument to the procedure. Which one will be better in terms of security and performance.
regards
Aneesh R.
|||Hi,
Actually the application is E-Com. Is it better to use XML parameters for Password verification, UserRegistration etc. I need to consider both Performance and security
regards
Aneesh R.
That depends on what you want to do with the parameter. Could you please be a bit more specific?
Best regards
Michael
"Aneesh" <aneesh.r@.eostek.com> wrote in message news:%23TD84aoiEHA.1356@.TK2MSFTNGP09.phx.gbl...
Hi,
I just wanna know the pros and cons while using XML string as argument to the procedure. Which one will be better in terms of security and performance.
regards
Aneesh R.
|||Some items are dependent on your perf and scaling requirements:
- Are you planning on using OpenXML to unshred it? You may find that large XML documents may be problematic from a scaling point of view (>100kB). Small ones should be fine.
- Are you planning on using a T-SQL statement instead to parse a CSV format? That may be less efficient, but performance tests should be done.
Some items are general security items:
- Do you expose the stored proc parameter to arbitrary users? In that case there are some DoS scenarios that you may need to prepare for by checking for them on the mid-tier. If you have full control over the XML format that you send, then there is no more or less security than on any other data value that you send.
HTH
Michael
"Aneesh" <aneesh.r@.eostek.com> wrote in message news:O0iDzmyiEHA.3564@.TK2MSFTNGP10.phx.gbl...
Hi,
Actually the application is E-Com. Is it better to use XML parameters for Password verification, UserRegistration etc. I need to consider both Performance and security
regards
Aneesh R.
That depends on what you want to do with the parameter. Could you please be a bit more specific?
Best regards
Michael
"Aneesh" <aneesh.r@.eostek.com> wrote in message news:%23TD84aoiEHA.1356@.TK2MSFTNGP09.phx.gbl...
Hi,
I just wanna know the pros and cons while using XML string as argument to the procedure. Which one will be better in terms of security and performance.
regards
Aneesh R.
没有评论:
发表评论