Re: SQL beginner help


"Ed Murphy" <emurphy42@xxxxxxxxxxxx> wrote in message
news:45ccdb5f$0$24503$4c368faf@xxxxxxxxxxxxxxxxx
Jon Slaughter wrote:

In SQL Server you have security "groups" and users can join one or
more groups. So a certain group may have read + write access over one
table while another group only has read access. I do not know if this
is how it works in MySQL or not. To accomplish your goal of users
having access to only certain rows in a table is going to require some
server-side code outside of the group security to determine if the
user should be able to access a certain row.


Ok, but what is this code? Is it html, javascript, or what? is it SQL
statements that are embedded in the code(Sorta like how I can use SQL in
C# but its just more like a simple wrapper that forwards the SQL
statements to the server)?

ASP, in your case. This may be as simple as including UserID as a
column in the table, then forwarding SQL statements like:

select (list of fields)
from the_table
where UserID = 'jblow123' (and possibly other conditions)

The overall architecture looks like this:

SQL <-------------------- ASP <-------------------- end user
logged into SQL logged into web site
as "website" as "jblow123"

The "website" SQL login can read/write any row in the table. The
ASP code chooses to read/write only certain rows in response to a
request from the "jblow123" web site login.

Ok, so its up to the asp front end to manage security(I guess its better to
say permission) rights? When the user logs onto the web site and interfaces
with the Asp code it will decide what how to handle what the user is able to
do?

So ASP has its own log in onto the SQL Database(its own pipe so to speak)
but ASP will deal with restricting the users access? So maybe jblow123 can
change his own information but cannot change others because the ASP front
end is designed to only bring up his own information.

e.g., I'm thinking of an example where jblow wants to view his own account
information. You design some ASP code that will bring up only jblow's
information when he requests it(he can't request others information(or
atleast private information) so only way he could mess with others stuff is
if the ASP code was buggy/insecure?

Basically your telling me that jblow doesn't access the SQL server/database
directly like I can when I go write an SQL statement and run it in visual
studio? So I get to choose what he can do and what he can't? Since he
cannot really get at the ASP code(?) he can't change things and force it to
see something he's not suppose to? (like trick ASP into thinking he's
jane431 to get here private info?)

If this is the case then I suppose its not that difficult. I just have to
learn ASP and SQL now ;) Basically the information and the security are
handled seperately. I think maybe I now have a mental map of what is going
on. Its still kinda fuzzy but after I start working with asp a little in Web
Developer I'll probably get a better feel. I really just have no clue what
asp is and how it works yet and thats probably why I don't understand how it
works to well. If what I'm thinking is true though then I do have a much
clearer picture on how it fits together.


So is asp the way to go with this or should I learn php/python/perl/etc...
(all that other crap that I don't know that is big with web development.) I
see a lot of sites that use php so I'm a little confused on what to do.
(ofcourse this should be independent of the database itself? I could design
the "front end" in asp and later in php and it should still work the
same(excluding the differences due to asp and php)?

Thanks,
Jon


.

Relevant Pages

  • Trying to find the connection source
    ... I am trying to get rid of a former user domain (inherited a multi-domain structure years ago and need to flatten it). ... Domains are Win2k AD in a parent / child structure, and running SQL ... If the DC is taken off-line, the ASP web errors out with a SQL error. ... Mapping is to the same account as the web site anonymous access ...
    (microsoft.public.inetserver.asp.db)
  • Re: Frontpage-Desktop-Engine-SQL
    ... Offfice 2003 comes with a Light Version of SQL ... > asp pages querying off of local SQL Databases on The Server PC and then ... >> just couldn't find any mention of it on the MS Office web site. ...
    (microsoft.public.frontpage.programming)
  • Re: SQL beginner help
    ... C# but its just more like a simple wrapper that forwards the SQL ... so its up to the asp front end to manage security(I guess its better to ... with the Asp code it will decide what how to handle what the user is able to ... You design some ASP code that will bring up only jblow's ...
    (microsoft.public.sqlserver)
  • Re: New ASP Site in IIS Crashes
    ... This application>queries> an SQL DB within the same network. ... > asp pages into the new folder where the new site lives. ... > in my ASP/VBscreipt code do NOT work. ... > Is there something else that needs to be setup to activate VBScript or ASP> on a new web site? ...
    (microsoft.public.inetserver.asp.db)
  • Re: ASP, looping, and stored procedures.... error 800a0bb9 ...
    ... > page PER loop. ... The looping goes by month from and to dates selected ... > In pure ASP the page takes about 15 seconds. ... > Oh, and by the way, the test box has SQL server and IIS on it. ...
    (microsoft.public.inetserver.asp.db)
Loading