brian_appliedcpu
asked on
500pts for Seasoned Pros Best Practice for Connecting to a SQL server for ASP Web and VB
What is the best practice for connecting to a SQL server.
I understand that there is ODBC, OLEDB, etc and I would just be interested in the best practice and also for the ODBC. The method I typically use Option A but have been suggested to use B.
Security is a must and is there no way not to have the UID and Password show?
Option A
************************** ********** ***
Const adOpenStatic = 3
Const adLockOptimistic = 3
Const adUseClient = 3
Set objConnection = CreateObject("ADODB.Connec tion")
Set objRecordset = CreateObject("ADODB.Record set")
objConnection.Open "DSN=DB_DatabaseName;UID=D BUser;PWD= Password;D ATABASE=DB _DatabaseN ame"
objRecordset.CursorLocatio n = adUseClient
objRecordset.Open "SELECT * FROM tblTableName WHERE tblTableName.LastName Like '" & LastName & "'", objConnection, adOpenStatic, adLockOptimistic
************************** ********** *****
Option B
************************** ********** ****
set db = Server.CreateObject("ADODB .Connectio n")
db.open "DSN=DB_DatabaseName;UID=D BUser;PWD= Password;D ATABASE=DB _DatabaseN ame"
function openrs(strsql)
set rs=Server.createobject("AD ODB.Record set")
rs.open strsql, db, 3, 1
set openrs=rs
end function
function closers()
rs.close
set rs=nothing
end function
set rs=openrs("SELECT * FROM tblTableName WHERE tblTableName.LastName Like '" & LastName & "'")
I understand that there is ODBC, OLEDB, etc and I would just be interested in the best practice and also for the ODBC. The method I typically use Option A but have been suggested to use B.
Security is a must and is there no way not to have the UID and Password show?
Option A
**************************
Const adOpenStatic = 3
Const adLockOptimistic = 3
Const adUseClient = 3
Set objConnection = CreateObject("ADODB.Connec
Set objRecordset = CreateObject("ADODB.Record
objConnection.Open "DSN=DB_DatabaseName;UID=D
objRecordset.CursorLocatio
objRecordset.Open "SELECT * FROM tblTableName WHERE tblTableName.LastName Like '" & LastName & "'", objConnection, adOpenStatic, adLockOptimistic
**************************
Option B
**************************
set db = Server.CreateObject("ADODB
db.open "DSN=DB_DatabaseName;UID=D
function openrs(strsql)
set rs=Server.createobject("AD
rs.open strsql, db, 3, 1
set openrs=rs
end function
function closers()
rs.close
set rs=nothing
end function
set rs=openrs("SELECT * FROM tblTableName WHERE tblTableName.LastName Like '" & LastName & "'")
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
OK what about your opinions,
How about the structure of the RS and Queries...option a vs b
How about the structure of the RS and Queries...option a vs b
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
arbert,
>>acperkins, I know the way you are--you totally meant to say AND USE instead of "and don't use" right?<<
Sure. I wish my typing would follow my brain :)
>>acperkins, I know the way you are--you totally meant to say AND USE instead of "and don't use" right?<<
Sure. I wish my typing would follow my brain :)
check here for a list of do's and don'ts for ado.net
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag/html/scalenetcheck01.asp
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag/html/scalenetcheck01.asp
I believe the best pratice is usually oledb provider string. Using ODBC is kinda klunky and has its issues. Also, if using dot.net they have a special object geared towards SQL which helps to increase performace.
ASKER
liquiddatainc ...
what kind of issues?
I am curious as I am having intermittent issues in my vb app. and it appears it is dying at or during the odbc.
what kind of issues?
I am curious as I am having intermittent issues in my vb app. and it appears it is dying at or during the odbc.
Any chance we can see some movement on the following old abandoned questions?
1 06/24/2004 250 Recommended Reading Win2k and 2003 Secur... Open Windows Security
2 06/18/2004 500 Multiple PIX to PIX to PIX hub and spoke... Open Networking
1 06/24/2004 250 Recommended Reading Win2k and 2003 Secur... Open Windows Security
2 06/18/2004 500 Multiple PIX to PIX to PIX hub and spoke... Open Networking
ASKER
I was wondering if anyone looks at old questions, in fact I just ran down the list and reviewed the open ones.
1. Was a non-answer...I still would like to get some better feedback but it looks like no one is interested.
2. This is still an open issue. I have had 2 cisco engineers working on it for about a month, and they don't know how to make it work either.
1. Was a non-answer...I still would like to get some better feedback but it looks like no one is interested.
2. This is still an open issue. I have had 2 cisco engineers working on it for about a month, and they don't know how to make it work either.
>>I was wondering if anyone looks at old questions<<
You will find experts more responsive if you maintain your open questions. Questions here are considered technically abandoned after three weeks.
Here are your options:
How do I accept a comment? https://www.experts-exchange.com/Databases/Microsoft_SQL_Server/help.jsp#hi68
More than one Expert helped solve my problem. What do I do? https://www.experts-exchange.com/Databases/Microsoft_SQL_Server/help.jsp#hi68
I answered my question myself. What do I do? https://www.experts-exchange.com/Databases/Microsoft_SQL_Server/help.jsp#hi70
Nobody answered my question. What do I do? https://www.experts-exchange.com/Databases/Microsoft_SQL_Server/help.jsp#hi71
What happens if I forget about my question? https://www.experts-exchange.com/Databases/Microsoft_SQL_Server/help.jsp#hi78
You will find experts more responsive if you maintain your open questions. Questions here are considered technically abandoned after three weeks.
Here are your options:
How do I accept a comment? https://www.experts-exchange.com/Databases/Microsoft_SQL_Server/help.jsp#hi68
More than one Expert helped solve my problem. What do I do? https://www.experts-exchange.com/Databases/Microsoft_SQL_Server/help.jsp#hi68
I answered my question myself. What do I do? https://www.experts-exchange.com/Databases/Microsoft_SQL_Server/help.jsp#hi70
Nobody answered my question. What do I do? https://www.experts-exchange.com/Databases/Microsoft_SQL_Server/help.jsp#hi71
What happens if I forget about my question? https://www.experts-exchange.com/Databases/Microsoft_SQL_Server/help.jsp#hi78
ASKER
What do you think of non-zero's recommendation to
Use Windows NT Authentication for SQL Server Connection.
I thought it was always best to just use SQL authentication with limited privileges?..that way it is not a windows account and has no other function/privileges on the network.
I also understand that with oledb one is coding not only the username/password but also the SQL machine name. Is this risk greater than the gain in speed?
Use Windows NT Authentication for SQL Server Connection.
I thought it was always best to just use SQL authentication with limited privileges?..that way it is not a windows account and has no other function/privileges on the network.
I also understand that with oledb one is coding not only the username/password but also the SQL machine name. Is this risk greater than the gain in speed?
As i can understand Ur not using LDAP or any other Authentication Protocols in ur Web Pages..
So ur Windows NT user ll be IUSR_MachineNAme. And it has no privilages except Web pages and WEB scripts(Should be Like this.)
So a user connecting from web server would not be able to do any other things that u dont permit.
But over all. there is a problem with the SQL Statements and lamers(newbie baby hackers :p ) use these SQL Staments to damage ur Db..
TO protect ur DB from lamers or hackers u musnt Write the SQL select or Update Statements in clean text.
Using SP's to do all data actions ll provide more security.
For Example IUSR_MachineName ll only ave Execute SP privilages. And wont ave any select,,insert or Uptate permissions to ant table of ur db .
so noone will be able to see anything that u wont let in ur SP's.
Hope it helps:
Melih SARICA
So ur Windows NT user ll be IUSR_MachineNAme. And it has no privilages except Web pages and WEB scripts(Should be Like this.)
So a user connecting from web server would not be able to do any other things that u dont permit.
But over all. there is a problem with the SQL Statements and lamers(newbie baby hackers :p ) use these SQL Staments to damage ur Db..
TO protect ur DB from lamers or hackers u musnt Write the SQL select or Update Statements in clean text.
Using SP's to do all data actions ll provide more security.
For Example IUSR_MachineName ll only ave Execute SP privilages. And wont ave any select,,insert or Uptate permissions to ant table of ur db .
so noone will be able to see anything that u wont let in ur SP's.
Hope it helps:
Melih SARICA
ASKER
Excellent info...does anyone have a problem with splitting the points
NZ 100
AM 150
AL 100
AC 100
LIQ 100 if he replies
as soon as I hear from liquiddatainc on the clunky issue I will close this string.
NZ 100
AM 150
AL 100
AC 100
LIQ 100 if he replies
as soon as I hear from liquiddatainc on the clunky issue I will close this string.
"What do you think of non-zero's recommendation to
Use Windows NT Authentication for SQL Server Connection. "
Guess it all depends on your network setup. Usually, you have your webserver in a DMZ type setup that's not connected to the SQL Server on the same network, so, WIndows Authentication isn't a possibility....If you're working on an intrenet application, then Windows Authentication is a possibility...
Use Windows NT Authentication for SQL Server Connection. "
Guess it all depends on your network setup. Usually, you have your webserver in a DMZ type setup that's not connected to the SQL Server on the same network, so, WIndows Authentication isn't a possibility....If you're working on an intrenet application, then Windows Authentication is a possibility...
ASKER
Tough split 125 all around
for nz, am, al, and ac
Thanks for all your experience
bkl
for nz, am, al, and ac
Thanks for all your experience
bkl
http://www.connectionstrings.com