----------------------------------------------------------- New Message on BDOTNET
----------------------------------------------------------- From: spprivate Message 4 in Discussion Hi, Connecting to the database purely relies on the mode of SQL Authentication u set and your connection string. If ur authentication mode is SQL then u need to pass SQL User name and pwd.. If U need to use integrated security in conn string,then u need to create a group in the server. Read this Connection Strings All connection objects expose roughly the same members. However, the specific members available with a given OleDbConnection object depend on what data source it is connected to; not all data sources support all members of the OleDbConnection class. The primary property associated with a connection object is the ConnectionString property, which consists of a string with attribute/value pairs for information required to log on to a database and point to a specific database. A typical ConnectionString property might look like the following:Provider=SQLOLEDB.1;Data Source=MySQLServer;Initial Catalog=NORTHWIND;Integrated Security=SSPI This particular connection string specifies that the connection should use Windows integrated security (NT authentication). A connection string can instead include a user id and password, but this is not recommended, because these attributes are then compiled into your application and therefore a potential security breach. For more information, see Access Permissions for Web Applications and <MSHelp:link tabIndex=0 keywords="vxoriDistributedApplicationSecurityRecommendations">Security Model</MSHelp:link>. Security Note Storing connection-string details (such as the server name, user name, and password) can have implications for the security of your application. Using Windows Integrated Security is a more secure way to control access to a database. For more information, see <MSHelp:link tabIndex=0 keywords="vxconDatabaseSecurity">Database Security</MSHelp:link>. The most common attribute/value pairs used by OLE DB are also represented separately by an individual property, such as DataSource and Database. When working with a connection object, you can either set the ConnectionString property as a single string, or you can set individual connection properties. (If your data source requires connection-string values that are not represented by individual properties, then you must set the ConnectionString property.) Alternatively, you can also set the ConnectionString property to the path of a Microsoft Data Link (.udl) file. For more information about data link files, see <MSHelp:link tabIndex=0 keywords="DataLinkAPIOverview">Data Link API Overview</MSHelp:link>. Note The SQLConnection object does not support � or allow you to specify � the Provider attribute. Connection Information and Security Because opening a connection involves getting access to an important resource � a database � there are often security issues in configuring and working with a connection. How you secure the application and its access to the data source depends on the architecture of your system. In a Web-based application, for example, users typically get anonymous access to Internet Information Services (IIS), and therefore do not provide security credentials. In that case, your application maintains its own logon information and uses it (rather than any specific user information) to open the connection and access the database. Security Note Storing connection-string details (such as the server name, user name, and password) can have implications for the security of your application. Using Windows Integrated Security is a more secure way to control access to a database. For more information, see <MSHelp:link tabIndex=0 keywords="vxconDatabaseSecurity">Database Security</MSHelp:link>. The ASP.NET Web application binary files and configuration file are secured from Web access by the inherent ASP.NET security model, which prevents access to these files using any Internet protocol (HTTP, FTP, and so on). To prevent access to the Web server computer itself via other methods (for example, from within your internal network), you use the security features of Windows. In intranet or two-tier applications, you can take advantage of the integrated security option provided by Windows, IIS, and SQL Server. In that model, a user's authentication credentials for the local network are also used to access database resources, and no explicit user name or password are used in the connection string. (Typically, permissions are established on the database server computer via groups, so that you do not need to establish individual permissions for every user who might access the database.) In this model, you do not need to store logon information for the connection at all, and there are no extra steps required to protect connection string information. For more information about security, see the following topics: <MSHelp:link tabIndex=0 keywords="vxconBestPracticesStrategiesForSecurability">Best Practices for Securability</MSHelp:link> <MSHelp:link tabIndex=0 keywords="cpconNETFrameworkSecurity">.NET Framework Security</MSHelp:link> Access Permissions for Web Applications <MSHelp:link tabIndex=0 keywords="cpconASPNETWebApplicationSecurity">ASP.NET Web Application Security</MSHelp:link> HTH Cheers Satheesh ----------------------------------------------------------- To stop getting this e-mail, or change how often it arrives, go to your E-mail Settings. http://groups.msn.com/bdotnet/_emailsettings.msnw Need help? If you've forgotten your password, please go to Passport Member Services. http://groups.msn.com/_passportredir.msnw?ppmprop=help For other questions or feedback, go to our Contact Us page. http://groups.msn.com/contact If you do not want to receive future e-mail from this MSN group, or if you received this message by mistake, please click the "Remove" link below. On the pre-addressed e-mail message that opens, simply click "Send". Your e-mail address will be deleted from this group's mailing list. mailto:[EMAIL PROTECTED]
