 DSN connection without ID/pswd


exdba
Starting Member

2 Posts

Posted - 2007-07-18 : 15:30:19
We have a developer that has used the application ID as a shared account for team members. So, we set up an ODBC connection with a new ID / password. Now, we want him to change his code so that he uses the DSN. However, he says he needs the ID / password for that as well. I have found a few examples where it's not needed, but it doesn't work. The DBAs use SQL authentication, and he says you can't do this with SQL auth. He says it would require NT auth or mixed mode (which the DBAs won't switch to), but that may fail too. So, is there any way to create a database connection without the developer knowing the ID and password? Is there any way to make this work?

tkizer
Almighty SQL Goddess

38200 Posts

Posted - 2007-07-18 : 16:08:20
If the application is using SQL authentication, then the userid and password are needed in the connection string, regardless of where it is located. It's only with Windows authentication that you don't need this information as it uses the context of the person logged into Windows.

If you disallow SQL authentication, then the developer will probably need to change code to handle this.

Tara Kizer
http://weblogs.sqlteam.com/tarad/

exdba
Starting Member

2 Posts

Posted - 2007-07-18 : 16:47:12
So, is there any way to do it with SQL authentication? That's what the DBAs use, and they aren't about to change it. If this guy has the ID and password to the production data, he can use it how he likes. So far, he has shared the test one with others, which we want to avoid in production. Basically, they can't be trusted, so we don't want to trust them.

tkizer
Almighty SQL Goddess

38200 Posts

Posted - 2007-07-18 : 22:43:26
Whoever is going to be responsible for the connection string needs to know the userid and password. If you don't want the developer to know the password, then you need to take control of the connection string. But he'll probably still be able to get to it unless you lock down the server.

Tara Kizer
http://weblogs.sqlteam.com/tarad/
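
The distinction drawn in the replies above (SQL authentication needs the user ID and password in the connection string, Windows authentication does not) can be checked mechanically when reviewing application configuration. The following is an added example, not part of the original thread: it parses ODBC connection strings, labels how each one authenticates, and masks the password for logging. The DSN, server, login name and password are constructed sample values.

```python
import re

# KEY=VALUE pairs separated by ';'. A value wrapped in {...} may contain ';',
# and a literal '}' inside the braces is written as '}}'.
_PAIR = re.compile(r"([^=;]+?)\s*=\s*(\{(?:[^}]|\}\})*\}|[^;]*)\s*(?:;|$)")

def parse_odbc(conn_str):
    """Return the attributes of an ODBC connection string, keys upper-cased."""
    attrs = {}
    for key, value in _PAIR.findall(conn_str):
        value = value.strip()
        if value.startswith("{") and value.endswith("}"):
            value = value[1:-1].replace("}}", "}")
        attrs.setdefault(key.strip().upper(), value)  # keep the first occurrence
    return attrs

def classify(conn_str):
    """Label how a connection string authenticates, without returning secrets."""
    a = parse_odbc(conn_str)
    if a.get("TRUSTED_CONNECTION", "").lower() == "yes":
        # Windows authentication: the login comes from the Windows context.
        return "windows-auth, stray PWD present" if "PWD" in a else "windows-auth"
    if "PWD" in a:
        return "sql-auth, password embedded"
    if "UID" in a:
        return "sql-auth, password supplied elsewhere"
    return "no credentials in string"

def redact(conn_str):
    """Rebuild the string with the PWD value masked, for logs and tickets."""
    return ";".join(f"{k}=***" if k == "PWD" else f"{k}={v}"
                    for k, v in parse_odbc(conn_str).items())

# Constructed sample connection strings (not taken from the thread).
SAMPLES = [
    "DSN=AppProd;UID=app_user;PWD={s3;cr}}et}",
    "Driver={SQL Server};Server=db01;Database=Sales;Trusted_Connection=Yes",
    "DSN=AppProd",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{classify(s):32} {redact(s)}")
```
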