Re: Pessimistic locking with approles.
From: Mary Chipman (mchip@nomail.please)
Date: 06/13/02
- Next message: Chris Wood: "Re: Microsoft Security Bulletin MS02-030"
- Previous message: Sue Hoegemeier: "Re: unauthenticated user stops SQLServer service"
- In reply to: Paul Ritchie: "Pessimistic locking with approles."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Mary Chipman <mchip@nomail.please> Date: Thu, 13 Jun 2002 15:20:45 -0400
The "fix" is to disable connection pooling in ADO in the connection
string, and you'd have the same issue whether you used integrated
security or SQLS security, and it has nothing whatsoever to do with
pessimistic locking, either. See:
PRB: SQL Application Role Errors with OLE DB Resource Pooling
(Q229564)
http://support.microsoft.com/support/kb/articles/Q229/5/64.ASP
-- Mary
Microsoft Access Developer's Guide to SQL Server
http://www.amazon.com/exec/obidos/ASIN/0672319446
On Thu, 13 Jun 2002 09:00:19 +1200, "Paul Ritchie"
<pritchie@xtraREMOVE.coREMOVE.nz> wrote:
><I posted this in the ADO NG yesterday but received no replies.>
>
>I have rewritten our ISAM based application which uses pessimistic
>record locking. It now uses ADO, server side cursors, application roles,
>and SQL Server. Any of those individually and most combinations thereof
>seem to work fine, but not the combination I'm using!
>
>My problem is this: say you have an ADO recordset open on a table Employee
>with a pessimistic record lock on a connection that is using an AppRole.
>(Pessimistic locking requires a server side cursor.) Before you post
>the changes to Employee, maybe you wish to validate whether one of the
>fields you hope to save to the Employee table is valid, and for this you use
>a SQL query on another Command or recordset object.
>
>To paraphrase another post last year, it seems that "when you have a
>server-side cursor open with results pending & you are trying to create
>another recordset, ADO will automatically open a new connection".
>
>However when it does this, it does not apply the AppRole to the newly
>opened connection which therefore seems to become subject to the rights of
>the original login. Needless to say, these are minimal.
>
>I would be really keen on any suggestions on how to get around this.
>Pessimistic locking is fundamental to the way the application works, and
>pessimistic locking requires a server side cursor.
>
>I understand using AppRoles makes security management extremely simple where
>their use is appropriate, however maybe there is another security
>arrangement that is nearly as good for users of my application?
>
>BTW One suggestion was that I create a db user with a hidden password (the
>same as my application & AppRole hides it now) and attach that user to the
>db_owner database role? Are there any major downsides to that?
>
>It seems that I would be forced to use SQL Server authentication, but apart
>from that it's almost the same as setting an AppRole which is assigned to
>the db_owner role?
>
>TIA,
>
>Paul Ritchie
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
- Next message: Chris Wood: "Re: Microsoft Security Bulletin MS02-030"
- Previous message: Sue Hoegemeier: "Re: unauthenticated user stops SQLServer service"
- In reply to: Paul Ritchie: "Pessimistic locking with approles."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
