[dba-SQLServer]RE: [dba-VB] Trusted Connection versus What?

Francisco H Tapia fhtapia at hotmail.com
Wed Apr 30 17:25:09 CDT 2003


yes of course if the Sql Server is not set up to accept mixed mode
authentication then of course you can't use it.  (those of course were the
words of MS, so I suppose they were just assuming that people had the server
set up to use either or.  If both Win NT authentication or Sql Server
authentication grant the same access it is pointless to keep both, or it
would seem unless you have 9x workstation along with NT workstations on your
network.

-Francisco
http://rcm.netfirms.com

On Wednesday, April 30, 2003 3:01 PM [GMT-8],
Djabarov, Robert <Robert.Djabarov at usaa.com> wrote:

: If Trusted_Connection property is set to No, SQL OLEDB Provider is
: using SQL Server Standard Security Authentication mechanism, not
: Mixed Mode.  In order to utilize the above-mentioned authentication
: the server (SQL) needs to be configured to accept both SQL Server and
: Windows Security Authentication.  If a connection to the server is
: attempted to be established using either one of them, there is no
: need for the other.  In fact, if a user passes the first one, even if
: he fails on the second, - he/she still has access to the data that
: he/she just got denied access with the second attempt.  Kind of
: doesn't make sense.
:
: Robert Djabarov
: Senior SQL Server DBA
: USAA IT/DBMS
: ? (210) 913-3148 - phone
: ? (210) 753-3148 - pager
:
:
:  -----Original Message-----
: From: Francisco H Tapia [mailto:fhtapia at hotmail.com]
: Sent: Wednesday, April 30, 2003 4:01 PM
: To: dba-sqlserver at databaseadvisors.com
: Subject: Re: [dba-SQLServer]RE: [dba-VB] Trusted Connection versus
: What?
:
: Arthur,
:
: Per the
:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ado270/htm/pg_ado_providers_6.asp
: TRUSTED CONNECTION,
:  Indicates the user authentication mode. This can be set to Yes or
: No. The
: default value is No. If this property is set to Yes, then SQLOLEDB
: uses
: Microsoft Windows NT Authentication Mode to authorize user access to
: the SQL
: Server database specified by the Location and Datasource property
: values. If
: this property is set to No, then SQLOLEDB uses Mixed Mode to
: authorize user
: access to the SQL Server database. The SQL Server login and password
: are
: specified in the User Id and Password properties.
:
: -Francisco
: http://rcm.netfirms.com
:
: On Wednesday, April 30, 2003 1:50 PM [GMT-8],
: Arthur Fuller <artful at rogers.com> wrote:
:
:: That's what I thought, and not what I want. I need the security of
:: separate windows and sql logins. There's history here that I cannot
:: simply revise, I have to live with decisions made by others and me
:: years ago. Even if I were free to make changes in this context, I
:: remain unconvinced that integrated security is better. All I can see
:: is simpler. As I see it, even assuming that you can log in, then you
:: still have to pass another test in order to get anywhere near the
:: database -- except in the case of Anonymous, who maps to Public. That
:: looks to me like wearing two condoms :-)
::
:: What precisely does a trusted connection do? Assume that you're cool
:: and automatically let you into the database? And what does an
:: untrusted connection do? Assume you're uncool and demand a password
:: (at either or both the windows and sql levels)?
::
:: Anyway, if SSPI = Windows authentication, I need the alternative:
:: mixed-mode authentication or whatever its name is (windows login +
:: sql login).
::
:: My vague game plan was to have a login called Anonymous with no
:: password and decidely limited privileges. Then the web site can open
:: the door for anyone. Other logins would correspond to employees,
:: sales reps and so on, all aggregated into roles defining their
:: privileges. The BOD could see reports that mere mortals couldn't. My
:: Access app already does this, but now I need my .NET app to do it :-)
::
:: Arthur
::
:: -----Original Message-----
:: From: Jim DeMarco [mailto:Jdemarco at hshhp.org]
:: Sent: April 30, 2003 9:15 AM
:: To: artful at rogers.com
:: Subject: RE: [dba-VB] Trusted Connection versus What?
::
::
:: I believe that's Windows Authentication.  You see this in the M$
:: DataLink generated connect string when you create a new data link and
:: specify Windows NT Integrated Security in the login info section.
:: Don't know what it stands for though.
::
:: BTW, did a quick search on google and I see it used in .NET connect
:: strings as well so it does still exist.
::
:: Jim DeMarco
::
::
:: _______________________________________________
:: dba-SQLServer mailing list
:: dba-SQLServer at databaseadvisors.com
:: http://databaseadvisors.com/mailman/listinfo/dba-sqlserver
:: http://www.databaseadvisors.com
:
: _______________________________________________
: dba-SQLServer mailing list
: dba-SQLServer at databaseadvisors.com
: http://databaseadvisors.com/mailman/listinfo/dba-sqlserver
: http://www.databaseadvisors.com
:
:
:
: _______________________________________________
: dba-SQLServer mailing list
: dba-SQLServer at databaseadvisors.com
: http://databaseadvisors.com/mailman/listinfo/dba-sqlserver
: http://www.databaseadvisors.com



More information about the dba-SQLServer mailing list