Integrated Security Problems with ADO 2.8
From: Steve Newbery (newbesj_at_chevrontexaco.com)
Date: 07/15/04
- Next message: Paul Lynch: "Re: ** READ THIS BEFORE POSTING - answers to frequently asked questions 2004.07.15"
- Previous message: Miha Bernik: "Re: ISS security problem"
- Next in thread: Roger Abell [MVP]: "Re: Integrated Security Problems with ADO 2.8"
- Reply: Roger Abell [MVP]: "Re: Integrated Security Problems with ADO 2.8"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 15 Jul 2004 02:09:49 -0700
We have a couple of Intranet web applications that use Office Web
Components, and logon is done using integrated security set to SSPI.
Our users have "Automatic logon only in Intranet zone" specified in
Zone 2 in their Internet Settings, and this worked fine and dandy -
until we installed MDAC 2.8.
Now the users get the security warning "This website is using your
identity to access a data source ...", and I'm having difficulty in
supressing that prompt. So far, the only way I found is to change the
logon setting in zone 2 (Local Intranet Zone) to "Automatically logon
with current username and password".
Two questions:
1. How come "Automatic logon only in Intranet zone" does not work
anymore in zone 2? Is this a bug or a design feature. It seems
illogical to me.
2. What implications for security are there in changing the logon
setting in zone 2? The problem is that users here can't change their
settings, so it would be a lot of work to apply the change - and we
might not het approval to do so.
Thanks, Steve
- Next message: Paul Lynch: "Re: ** READ THIS BEFORE POSTING - answers to frequently asked questions 2004.07.15"
- Previous message: Miha Bernik: "Re: ISS security problem"
- Next in thread: Roger Abell [MVP]: "Re: Integrated Security Problems with ADO 2.8"
- Reply: Roger Abell [MVP]: "Re: Integrated Security Problems with ADO 2.8"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
