Arthur Fuller
artful at rogers.com
Wed Apr 30 15:50:45 CDT 2003
That's what I thought, and not what I want. I need the security of separate windows and sql logins. There's history here that I cannot simply revise, I have to live with decisions made by others and me years ago. Even if I were free to make changes in this context, I remain unconvinced that integrated security is better. All I can see is simpler. As I see it, even assuming that you can log in, then you still have to pass another test in order to get anywhere near the database -- except in the case of Anonymous, who maps to Public. That looks to me like wearing two condoms :-) What precisely does a trusted connection do? Assume that you're cool and automatically let you into the database? And what does an untrusted connection do? Assume you're uncool and demand a password (at either or both the windows and sql levels)? Anyway, if SSPI = Windows authentication, I need the alternative: mixed-mode authentication or whatever its name is (windows login + sql login). My vague game plan was to have a login called Anonymous with no password and decidely limited privileges. Then the web site can open the door for anyone. Other logins would correspond to employees, sales reps and so on, all aggregated into roles defining their privileges. The BOD could see reports that mere mortals couldn't. My Access app already does this, but now I need my .NET app to do it :-) Arthur -----Original Message----- From: Jim DeMarco [mailto:Jdemarco at hshhp.org] Sent: April 30, 2003 9:15 AM To: artful at rogers.com Subject: RE: [dba-VB] Trusted Connection versus What? I believe that's Windows Authentication. You see this in the M$ DataLink generated connect string when you create a new data link and specify Windows NT Integrated Security in the login info section. Don't know what it stands for though. BTW, did a quick search on google and I see it used in .NET connect strings as well so it does still exist. Jim DeMarco