Re: Database Access

Do you create the group in SQL Server on the NT Domain?

"Bob Barrows [MVP]" wrote:

> EvanK wrote:
> > I am trying to connect to a SQL database
>
> What version?
>
> > from a client script to
> > validate a user login and password.
>
> Why client script? This is a very insecure method. You are leaving yourself
> open to cross-site scripting exploits.
>
> This operation should be done in server-side code in an asp page.
>
> > I don't want to embed a username
> > and password in the script and I also don't want to use an ODBC data
> > source because I don't want to need to create it on individual
> > workstations. I used the code below for the connection but to no
> > avail. I also get the error message that tells me that there is no
> > datasource found and no default driver specified.
> >
> > var oCN = new ActiveXObject("ADODB.Connection") ;
> > var oRS = new ActiveXObject("ADODB.Recordset") ;
> >
> > oCN.open ("Server=MyServer;Database=MyDB;User=Me;Pwd=MyPwd'") ;
>
> I thought you did not want to embed the user name and password in the script
> ....?
>
> > oRS.open ("Select * from MyTable",oCN) ;
>
> 1. You are going to run into security issues: users are going to be prompted
> about retrieving data from another domain. You will have to instruct them to
> add your site to their trusted zone to avoid this.
>
> 2. Is this an intranet? I'm going to assume it is, otherwise connections to
> the database server would not be possible from client machines.
>
> You can see examples of valid connection strings at
> www.connectionstrings.com, You will want the sqloledb connection string. If
> you are intent on doing this from client-side code, I strongly suggest you
> use Integrated Authentication. The connection string will look like this:
>
> conn_string="Provider=sqloledb;" & _
> "Data Source=MyServer;Initial Catalog=MyDb;" & _
> "Integrated Security=SSPI"
>
> This will require granting all your users access to the database via their
> Windows logins. Fortunately, you can create a group, assign all the users to
> that group, and grant access in SQL Server to that group. See SQL Books
> Online (BOL) for more information.
>
> Bob Barrows
> --
> Microsoft MVP - ASP/ASP.NET
> Please reply to the newsgroup. This email account is my spam trap so I
> don't check it very often. If you must reply off-line, then remove the
> "NO SPAM"
>
>
>
.

Relevant Pages

  • asp.net 2.0 login control
    ... A database with the same name exists, or specified file cannot be opened, or it is located on UNC share.] ... These problems left me stranded for days, then today, on another machine, I hit a different set of problems I kept getting the following "Failed to generate user instance of SQL Server due to a failure in starting the process for the user instance. ... (Basically this is a new option in the connection string that allows you to point out where the ..mdf file resides eliminating the need to create database in some SQL instance.) ... Beware that the windows account of the user that first creates the connection in this databaseless manner, becomes exclusive user for this file and no other windows account will be able to create a connection to this file. ...
    (microsoft.public.dotnet.languages.vb)
  • Re: Cannot Open SQL Server Table in Access.ADP File.
    ... Other possiblities would be that you didn't refresh the database window ... I have an SQL Server 2005 database which functions properly with my ... the Generate Script Wizard to recreate the SQL Server Database. ... Then, If I attempt to open another table, it opens. ...
    (microsoft.public.access.adp.sqlserver)
  • Re: Newbie question on SQL connection
    ... database on my developer machine. ... > to develop databases away from the live SQL server - that way in the ... > domain SQL Server. ... Does your connection string contain a typo? ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: SQL Security
    ... except I'm having problems making it work in a script. ... ;Set properties of DB objects and open connection to database ... > from Books Online (within the SQL Server program group): ... > communicate with SQL Server. ...
    (microsoft.public.sqlserver.server)
  • Re: .NET and SQL Server on Separate Machines
    ... add this domain account as a valid login to your sql server. ... Everything was running correctly when the database ... > The connection string in our web.config file originally looked like this: ...
    (microsoft.public.sqlserver.connect)