On Thu, Jun 4, 2009 at 1:59 PM, Paul Hill <[email protected]> wrote: > On Thu, Jun 4, 2009 at 6:40 PM, Stephen Russell <[email protected]> wrote: >> On Thu, Jun 4, 2009 at 12:00 PM, Rafael Copquin <[email protected]> >> wrote: >>> You could use ODBC to set up a DSN connection, test it and then use it. For >>> instance, you set up a DSN connection called 'myconnection'. >>> >>> Then you can use thus: >>> >>> nHandle = sqlstringconnect([dsn=myconnection;trusted_connection=yes]) >>> >>> if nHandle < 0 >>> messagebox('Connection failed') >>> else >>> messagebox('Connected successfully') >>> endif >> ----------------------------- >> >> While this will work it becomes a mainteannce nightmare over time. >> >> Changing the Password is something that should be changed every 3 >> months or sooner. > > Just wondering, are you advocating SQL logins? (vs trusted). > > Speaking of SQL security, does anyone use application roles here? > --------------------------
I advocate 3 types of user groups that you can be associated with with in a domain that has trust or rights with SQL Server. DBO : for the few that need control of the db. General User : All data read, write and exec stored procedures Reporting : Read only access. You can add in more levels of granularity such as those who apply only to HR and exclude everyone else from their DB or tables within the company DB. I then institute Trusted connection and let AD determine what group you are in and pass that back to the db for what it needs. So when your terminated, your rights to the db are closed down stat as your connection to the system and servers itself are closed. :) -- Stephen Russell Sr. Production Systems Programmer Web and Windows Development Independent Contractor Memphis TN 901.246-0159 _______________________________________________ Post Messages to: [email protected] Subscription Maintenance: http://leafe.com/mailman/listinfo/profox OT-free version of this list: http://leafe.com/mailman/listinfo/profoxtech Searchable Archive: http://leafe.com/archives/search/profox This message: http://leafe.com/archives/byMID/profox/[email protected] ** All postings, unless explicitly stated otherwise, are the opinions of the author, and do not constitute legal or medical advice. This statement is added to the messages for those lawyers who are too stupid to see the obvious.
