Connection to a MS SQL Server Table (newbie)

I am getting started on a prototype site and have set up one of my home
machines with IIS and MS SQL Server. Based on several on the posts to this
group, I have been reviewing the ADO connection strings. However, what
really puzzles me is that it appears you need to use an unsecured SQL Server
(no user name and no password) or provide the username and password in the
connection string. The latter seems to defeat the purpose of a password.

What I am guessing at this point is that a SQL server account needs to be
set up with the only the necessary permissions to get the job done. Is this
correct?

In the bigger picture (might be a vision or a hallucination!), this site
will be a secure site (https://) with username/password access. It is
basically a departmental personnel database tailored to our specific needs.
The objective is to provide some limiting of access based on groups and work
units (i.e. Group Lead A can only view the people organizationally below
him).

Any comments, thoughts, references, etc will be greatly appreciated!

Thanks!

Don

Re: Connection to a MS SQL Server Table (newbie)

Don wrote:
> I am getting started on a prototype site and have set up one of my
> home machines with IIS and MS SQL Server. Based on several on the
> posts to this group, I have been reviewing the ADO connection
> strings. However, what really puzzles me is that it appears you need
> to use an unsecured SQL Server (no user name and no password)

Huh? What gave you this idea?

> or
> provide the username and password in the connection string. The
> latter seems to defeat the purpose of a password.

Why? As long as it's contained in an ASP page, the user cannot browse to it.
>
> What I am guessing at this point is that a SQL server account needs
> to be set up with the only the necessary permissions to get the job
> done. Is this correct?

Normally, you would create a sql login with limited permissions in your
database and use that login in your application.

>
> In the bigger picture (might be a vision or a hallucination!), this
> site will be a secure site (https://) with username/password access.
> It is basically a departmental personnel database tailored to our
> specific needs. The objective is to provide some limiting of access
> based on groups and work units (i.e. Group Lead A can only view the
> people organizationally below him).
>
> Any comments, thoughts, references, etc will be greatly appreciated!
>
> Thanks!
>
See http://www.aspfaq.com/show.asp?id=2126

HTH,
Bob Barrows

--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.

Re: Connection to a MS SQL Server Table (newbie)

It does not defeat the purpose (as bob said) because all of the data
contained within an ASP page is not viewable by the user unless directly
written to the page.

You find that HTAccess is worth a look /consideration ... this provides the
ability to set priveleges and groups, etc

--
Jon
warpedpixel@gmail.com
Look at that dead pixel on your screen! *SLAP* Gotcha!

"Don" wrote in message
news:OxiRVP0dFHA.3184@TK2MSFTNGP15.phx.gbl...
>I am getting started on a prototype site and have set up one of my home
> machines with IIS and MS SQL Server. Based on several on the posts to
> this
> group, I have been reviewing the ADO connection strings. However, what
> really puzzles me is that it appears you need to use an unsecured SQL
> Server
> (no user name and no password) or provide the username and password in the
> connection string. The latter seems to defeat the purpose of a password.
>
> What I am guessing at this point is that a SQL server account needs to be
> set up with the only the necessary permissions to get the job done. Is
> this
> correct?
>
> In the bigger picture (might be a vision or a hallucination!), this site
> will be a secure site (https://) with username/password access. It is
> basically a departmental personnel database tailored to our specific
> needs.
> The objective is to provide some limiting of access based on groups and
> work
> units (i.e. Group Lead A can only view the people organizationally below
> him).
>
> Any comments, thoughts, references, etc will be greatly appreciated!
>
> Thanks!
>
> Don
>
>
>

THANKS! -> Re: Connection to a MS SQL Server Table (newbie)

Bob & Jon,

Thanks for the inputs!

I looked at more connection examples and indeed for SQL Server it is
username/password. Last night I managed to cobble together a couple of
things to create a page which accesses the database on my SQL Server and
display records! I think I am off and running (okay, crawling!)

Thanks again!

Don






"Don" wrote in message
news:OxiRVP0dFHA.3184@TK2MSFTNGP15.phx.gbl...
> I am getting started on a prototype site and have set up one of my home
> machines with IIS and MS SQL Server. Based on several on the posts to
this
> group, I have been reviewing the ADO connection strings. However, what
> really puzzles me is that it appears you need to use an unsecured SQL
Server
> (no user name and no password) or provide the username and password in the
> connection string. The latter seems to defeat the purpose of a password.
>
> What I am guessing at this point is that a SQL server account needs to be
> set up with the only the necessary permissions to get the job done. Is
this
> correct?
>
> In the bigger picture (might be a vision or a hallucination!), this site
> will be a secure site (https://) with username/password access. It is
> basically a departmental personnel database tailored to our specific
needs.
> The objective is to provide some limiting of access based on groups and
work
> units (i.e. Group Lead A can only view the people organizationally below
> him).
>
> Any comments, thoughts, references, etc will be greatly appreciated!
>
> Thanks!
>
> Don
>
>
>