Re: trusted_connection=yes

From: ranjeet (not-telling)
Date: 08/05/04


Date: Thu, 05 Aug 2004 17:00:13 +0100

I don't see your point.
The security is in having the ASP writer declare security access - if you
didn't have it then web users couldn't get data from the data source.

In your example, Man is the user under which the web page runs - so if the db
admin allows the IWAM account (or whatever user the IIS web user will
access the site with) access to the db then you can see the database (with
SQL Server the account can be monitored and appropriate access permissions
applied at the user level).

I hope that helps.

Best Regards,

Ranjeet.

On Fri, 30 Jul 2004 06:18:08 -0700, Scott Pendleton <sp@isystant.com>
wrote:

> I do not understand the usefulness, from a security
> standpoint, of specifying "trusted_connection=yes" in the
> SQL Server connection string in my Active Server Pages. It
> seems like this:
>
> Man: Give me all your money.
> IIS: No, because you didn't say "trusted_connection=yes".
> Man: trusted_connection=yes
> IIS: Ok, here it is!
>
> Do you see my point? What's the value of requiring a
> trusted connection if, to get one, all you have to do is
> ask for it?
