Typically that option does not scale, which is why most "web scale" :) DB driven applications are built using a trusted subsystem model.
Users are authenticated at the web or app tier, and then a set of static identities are used to access other tiers. For SQL Server, connection pooling is on a per-identity basis, so using a limited set of Windows identities makes sense. That doesn't even begin to touch all the other systems or DBs that the front-end also needs to communicate with, If you are going to build a logging/auditing system that kicks in where the end-user is authenticated (e.g. at the web tier), you may as well use it for all backend interactions. Cheers Ken From: Steve Kradel [mailto:[email protected]] Sent: Tuesday, 29 May 2012 4:43 AM To: NT System Admin Issues Subject: Re: PowerBuilder ODBC connection to SQL with alternate credentials This thread's a little old, but I meant to chime in with one reasonably major point: switching off user-specific authentication and authorization to the database server can have many ill consequences if that is the core of the system's security model. There might be no other tier to this thing (and there probably isn't, given the system's age and the state of PowerBuilder-type development twelve years ago)... If you bump it over to a static, SQL-based identity, the application could lose all context of who is logging in, taking an action, etc. Question is, why do you want to hard-code credentials into the connection string? What is wrong with Windows authorization to SQL? --Steve On Thu, May 24, 2012 at 4:55 PM, Michael B. Smith <[email protected]<mailto:[email protected]>> wrote: Uh.... Sure, WTH. No promises. When I last used it, it was on Sybase SQL 4.1 (just before it became Microsoft SQL). From: Christopher Bodnar [mailto:[email protected]<mailto:[email protected]>] Sent: Thursday, May 24, 2012 4:37 PM To: NT System Admin Issues Subject: RE: PowerBuilder ODBC connection to SQL with alternate credentials Any interest in looking at some of the code? Thanks Christopher Bodnar Enterprise Achitect I, Corporate Office of Technology:Enterprise Architecture and Engineering Services Tel 610-807-6459<tel:610-807-6459> 3900 Burgess Place, Bethlehem, PA 18017 [email protected]<mailto:[email protected]> [cid:[email protected]] The Guardian Life Insurance Company of America www.guardianlife.com<http://www.guardianlife.com/> From: "Michael B. Smith" <[email protected]<mailto:[email protected]>> To: "NT System Admin Issues" <[email protected]<mailto:[email protected]>> Date: 05-24-12 04:11 PM Subject: RE: PowerBuilder ODBC connection to SQL with alternate credentials ________________________________ Wow, that's a blast from the past. I haven't used that since around 1998/99. It's now part of Progress Software and called Z/Presentation. From: Christopher Bodnar [mailto:[email protected]] Sent: Thursday, May 24, 2012 3:04 PM To: NT System Admin Issues Subject: RE: PowerBuilder ODBC connection to SQL with alternate credentials Update, the developer just informed me that this is not PowerBuilder, but ClientBuilder. I've never heard of this before. Not even sure they are around. This is the only thing online that I've been able to find that references it: http://www.thefreelibrary.com/ClientSoft+Announces+ClientBuilder+8.0%3B+New+Version+Offers...-a0123206721 Christopher Bodnar Enterprise Achitect I, Corporate Office of Technology:Enterprise Architecture and Engineering Services Tel 610-807-6459<tel:610-807-6459> 3900 Burgess Place, Bethlehem, PA 18017 [email protected]<mailto:[email protected]> [cid:[email protected]] The Guardian Life Insurance Company of America www.guardianlife.com<http://www.guardianlife.com/> From: Christopher Bodnar <[email protected]<mailto:[email protected]>> To: "NT System Admin Issues" <[email protected]<mailto:[email protected]>> Date: 05-24-12 10:33 AM Subject: RE: PowerBuilder ODBC connection to SQL with alternate credentials ________________________________ Thanks Michael, That is actually where the example I listed below came from. I've also got an example of a PowerBuilder 9 app that shows how to do it. So I can't believe that functionality doesn't exist in PowerBuilder 8.5.1. My guess is that the code is wrong, and I've asked for the developer to send it over for me to review. Thanks for your help. Christopher Bodnar Enterprise Achitect I, Corporate Office of Technology:Enterprise Architecture and Engineering Services Tel 610-807-6459<tel:610-807-6459> 3900 Burgess Place, Bethlehem, PA 18017 [email protected]<mailto:[email protected]> [cid:[email protected]] The Guardian Life Insurance Company of America www.guardianlife.com<http://www.guardianlife.com/> From: "Michael B. Smith" <[email protected]<mailto:[email protected]>> To: "NT System Admin Issues" <[email protected]<mailto:[email protected]>> Date: 05-24-12 10:08 AM Subject: RE: PowerBuilder ODBC connection to SQL with alternate credentials ________________________________ Yes. See here for samples: http://www.connectionstrings.com/sql-server-2008 From: Christopher Bodnar [mailto:[email protected]] Sent: Thursday, May 24, 2012 9:55 AM To: NT System Admin Issues Subject: OT: PowerBuilder ODBC connection to SQL with alternate credentials Got a call from a developer. Seems there is an old PowerBuilder 8.5.1 application that currently uses the users current credentials for the ODBC connection to a back end SQL server. The question to me was, can they have it use alternate credentials. So the user would logon to Windows, the app would authenticate them using their windows logon, but the ODBC connection in the application would use an alternate set of credentials to connect to the SQL database. I'm not a developer and I don't know PowerBuilder at all, but shouldn't this be possible with the connection string in the application? Something like this? Driver={SQL Server Native Client 10.0};Server=myServerAddress;Database=myDataBase;Uid=myUsername;Pwd=myPassword; Any help appreciated. Thanks Christopher Bodnar Enterprise Achitect I, Corporate Office of Technology:Enterprise Architecture and Engineering Services Tel 610-807-6459<tel:610-807-6459> 3900 Burgess Place, Bethlehem, PA 18017 [email protected]<mailto:[email protected]> [cid:[email protected]] The Guardian Life Insurance Company of America www.guardianlife.com<http://www.guardianlife.com/> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
<<inline: image001.jpg>>
