Re: Connection to a MS SQL Server Table (newbie)
- From: "Bob Barrows [MVP]" <reb01501@xxxxxxxxxxxxxxx>
- Date: Wed, 22 Jun 2005 13:36:00 -0400
Don wrote:
> I am getting started on a prototype site and have set up one of my
> home machines with IIS and MS SQL Server. Based on several on the
> posts to this group, I have been reviewing the ADO connection
> strings. However, what really puzzles me is that it appears you need
> to use an unsecured SQL Server (no user name and no password)
Huh? What gave you this idea?
> or
> provide the username and password in the connection string. The
> latter seems to defeat the purpose of a password.
Why? As long as it's contained in an ASP page, the user cannot browse to it.
>
> What I am guessing at this point is that a SQL server account needs
> to be set up with the only the necessary permissions to get the job
> done. Is this correct?
Normally, you would create a sql login with limited permissions in your
database and use that login in your application.
>
> In the bigger picture (might be a vision or a hallucination!), this
> site will be a secure site (https://) with username/password access.
> It is basically a departmental personnel database tailored to our
> specific needs. The objective is to provide some limiting of access
> based on groups and work units (i.e. Group Lead A can only view the
> people organizationally below him).
>
> Any comments, thoughts, references, etc will be greatly appreciated!
>
> Thanks!
>
See http://www.aspfaq.com/show.asp?id=2126
HTH,
Bob Barrows
--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.
.
- References:
- Prev by Date: Connection to a MS SQL Server Table (newbie)
- Next by Date: Re: ASP Admin system pointers
- Previous by thread: Connection to a MS SQL Server Table (newbie)
- Next by thread: Re: Connection to a MS SQL Server Table (newbie)
- Index(es):
Relevant Pages
|
