SQL Server, DSNs, and Security

Forum Moderators: open

Message Too Old, No Replies

SQL Server, DSNs, and Security

a little help for a relative noob, please

lebhead

8:57 pm on May 22, 2003 (gmt 0)

Hi everybody.

(Hi Doctor Nick)

I have a few questions regarding SQL Server and DSNs. I know that it's very easy to establish a DSN or DSN-less connection to SQL Server with ASP. So my question is, which is more secure? Also, Is there a security risk when entering the SQL un/pw in a connection string in your ASP code?

Any help for this noob would be appreciated. Thanks.

aspdaddy

11:34 am on May 23, 2003 (gmt 0)

AFAIK the only difference is performance, and then only when you have a lot of concurrent users, as a dsn uses ODBC it is slower.

As for putting the un/pw in the code, where else would you suggest to put it?

Xoc

3:03 pm on May 23, 2003 (gmt 0)

Using the Integrated Security is the preferred method. For the reasoning, just do a search on SQL Server Security on Google. It will also tell you many other things that you should do to protect your server.

aspdaddy

4:08 pm on May 23, 2003 (gmt 0)

xoc, I'm not sure I understand. Do you mean that you let windows log the user onto sql server, using the windows un/pw?

Does this work with websites that are set for anoynomous access, I thought LOGON_AUTH was not available in the request.