SQL server and ASP

MC
I'm trying to use ASP pages generated in FrontPage to update an SQL Server
database. I can view information from the database but cannot update, I
just get a message saying an error has occurred. I am not too worried about
security, I'd be happy with one login that has the rights to do anything in
the database, create, delete, etc. So 2 questions:-

What's the easiest way of making a user account that has access to all db's?
Where are the error logs for the ASP page attempting to update the DB
stored?
Thanks in advance!
Jul 19 '05 #1
I suggest not letting FrontPage do this for you... spend an hour at an ASP
database tutorial and you will be much better off in the long run. There
are plenty of code snippets at different places, you could start here:
http://www.aspfaq.com/2183

--
Aaron Bertrand
SQL Server MVP
http://www.aspfaq.com/
Jul 19 '05 #2
On Tue, 11 May 2004 17:26:13 +0100, "MC"
<maxcoppin@-don't-send-me-any-spam-btinternet.com> wrote:
> I'm trying to use ASP pages generated in Frontpage to update an SQL server
> database. I can view information from the database but cannot update, I
> just get a message saying an error has occurred. I am not too worried about
> security, I'd be happy with one login that has the rights to do anything in
> the database, create, delete, etc So 2 questions:-
>
> What's the easiest way of making a user account that has access to all db's
> Where are the error logs for the ASP page attempting to update the DB
> stored?

1) You missed the alt.rocketscience group I believe...
2) This is irrelevant in five out of the six groups you hit, and you
missed an even better one.
3) You need to learn to post errors if you want solutions. Post the
complete error message.

With all of that said, FrontPage isn't the best method for coding ASP,
and you may be running into any number of permission errors. If you
post the error, we can likely direct you to a solution, be it
FrontPage, ASP or SQL, or more likely, a Windows permission error of
some sort.

Jeff
Jul 19 '05 #3
MC
I'm using the code in one of my ASP pages now that was working with Access.
The error code is:-

-2147217900

I can perform Select and update but not delete.

I took your advice and the profiler shows two "SQL:BatchCompleted" events
occurring, one with the correct syntax:-

DELETE * FROM hold WHERE ISBN='188477766X' AND Username='test'

and one with

select * from DELETE * FROM hold WHERE ISBN='188477766X' AND Username='test'

What is causing this? My asp code is below:-

Dim conn, rshold
Set conn = Server.CreateObject("ADODB.Connection")
Set rshold = Server.CreateObject("ADODB.Recordset")
'---Opens the connection to the database---
conn.open "Provider=SQLOLEDB; Data Source = (local); Initial Catalog = LibrarySQL; User Id = *****; Password=*****"
'---Retrieve the holds
sqlhold = "DELETE * FROM hold WHERE ISBN='" & Request.QueryString("ISBN") & _
    "' AND Username='" & Request.QueryString("Username") & "'"

On Error Resume Next
conn.Execute(sqlhold)
if err.number <> 0 then
    Response.Write "An error has occured"
    Response.Write "Error code: " & err.number & "<br/>"
    response.Write sqlHold
else
    Response.Write "hold cancelled"
end if

Jul 19 '05 #4
I like this line
Response.Write "Error code: " & err.number & "<br/>" response.Write sqlHold
very good idea.

A Delete statement doesn't use an asterisk (and most would tell you neither
does a Select) because it deletes the entire row, you can't delete just some
columns.

DELETE FROM hold WHERE ISBN='188477766X' AND Username='test'

Is ISBN your primary key?

Looking at what you posted you don't use RSHold anywhere, so you may as well
get rid of it.

You should validate ALL data that comes from a client. You are inserting
into your SQL statement - straight out of the querystring. If some big
meanie changed the Querystring they could quickly wipe out your database.
I can't remember where it is, but I think Bob Barrows pointed it out to me,
about SQL Injection. I think it was www.sqlsecurity.com or something like
that.

I strongly recommend you follow Aaron's advice, and poke around aspfaq.com
and some of the other sites.

Tom B
Jul 19 '05 #5
Tom B wrote:
> I like this line
> Response.Write "Error code: " & err.number & "<br/>" response.Write
> sqlHold very good idea.
>
> A Delete statement doesn't use an asterisk (and most would tell you
> neither does a Select) because it deletes the entire row, you can't
> delete just some columns.


Given that the OP is using SQL Server, this statement is correct. However,
if he was using Jet, "delete * from ..." is a perfectly acceptable JetSQL
query, and in versions A97 and earlier was the required syntax.

Bob Barrows

--
Microsoft MVP - ASP/ASP.NET
Please reply to the newsgroup. This email account is my spam trap so I
don't check it very often. If you must reply off-line, then remove the
"NO SPAM"
Jul 19 '05 #6
Really? I didn't know that. Doesn't really make any sense though, does it?
Jul 19 '05 #7
I didn't say it made sense :-)

I used A95 and A97 for years before I started with SQL Server. You can
imagine how hard it was to get out of the habit of typing "DELETE * FROM
...."

The JetSQL syntax for multiple table delete and update statements is
different from T-SQL's. In JetSQL, you would do this to delete records from
table1 that have matching records in table2:

DELETE table1.* FROM table1 join table2 ON ...

So that's the reason the * is allowed in the statement: it allows you to
specify which table to delete the records from.
The equivalent T-SQL query would be:

DELETE FROM t1 FROM table1 t1 join table2 t2 ON ...

Bob Barrows

--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.
Jul 19 '05 #8
MC
Thanks for the help guys.

I've run SQL profiler and it appears to execute the delete statement AND the
same statement with a "SELECT * FROM" straight afterwards. I think it's a
permissions problem still. When using Access I know the IUSR_SERVER user
account has to have the appropriate permissions on the Access file but
what's the SQL equivalent?
Jul 19 '05 #9
What does your connection string look like? Are you using SQL
authentication (then you need to worry about the username you use in the
connection string), or Windows authentication (then you need to worry about
IUSR_WebServer *or* the authenticated user(s) if IIS is also forcing windows
auth).

--
Aaron Bertrand
SQL Server MVP
http://www.aspfaq.com/
Jul 19 '05 #10
MC
the connection string looks like this:-

conn.open "Provider=SQLOLEDB; Data Source = (local); Initial Catalog = LibrarySQL; User Id = sa; Password=*****"

This is SQL authentication isn't it? How and where does IIS force windows
authentication?
Jul 19 '05 #11
On Wed, 12 May 2004 15:11:31 +0100, "MC"
<maxcoppin@-don't-send-me-any-spam-btinternet.com> wrote:
> Thanks for the help guys.
>
> I've run SQL profiler and it appears to execute the delete statement AND the
> same statement with a "SELECT * FROM" straight afterwards. I think it's a
> permissions problem still. When using access I know the IUSR_SERVER user
> account has to have the appropriate permissions on the access file but
> what's the SQL equivalent?

Depends on the authentication you use. If it's Windows Integrated,
the IUSR account needs to have access on the SQL tables/database. If
you're using a SQL authentication, then it depends on that SQL user.

My personal preference for anonymous SQL use is SQL Authentication,
with the user/password in the connection string. Something like:

Provider=sqloledb;Data Source=SQLServer;Initial Catalog=Northwind;User Id=sa;Password=password;

Naturally, not using the SA account and not having the password for it
be "password" are recommended security options... :)

In which case you create a SQL user for the connection, with the
access needed for the app in question. But that's a SQL group topic.

Jeff
Jul 19 '05 #12
> conn.open "Provider=SQLOLEDB; Data Source = (local); Initial Catalog =
> LibrarySQL; User Id = sa; Password=*****"
>
> This is SQL authentication isn't it?

Yes. However, I *strongly* recommend you don't use the sa user for your ASP
page connections, nor is it ever a good idea to expose your sa password
(even in ASP pages that reside on the file system and are "protected" from
casual viewing).

> How and where does IIS force windows authentication?

I don't think this is relevant in your case, but you can disable anonymous
access in Internet Services Manager and force your users to authenticate.
Typically you would do this in an intranet environment, not internet.

> I've run SQL profiler and it appears to execute the delete statement AND the
> same statement with a "SELECT * FROM" straight afterwards. I think it's a
> permissions problem still.


Why do you think that?

You say you get error -2147217900 ... what is the *TEXT* of the error
message? (Sorry, I haven't memorized the error code represented by every
32-bit integer.)

Also, I suspect that your page is executing multiple SQL statements, and you
are using the same variable throughout. This could easily explain how
"DELETE hold WHERE..." becomes "select * from DELETE hold WHERE..."

Maybe if you show ALL of your code, instead of only the parts you think are
relevant, you might get better answers.

--
Aaron Bertrand
SQL Server MVP
http://www.aspfaq.com/
Jul 19 '05 #13
MC wrote:
> the connection string looks like this:-
>
> conn.open "Provider=SQLOLEDB; Data Source = (local); Initial Catalog =
> LibrarySQL; User Id = sa; Password=*****"
> This is SQL authentication isn't it?

Yes
Horribly misguided SQL authentication, but SQL authentication it is.

> How and where does IIS force
> windows authentication?

It doesn't. Your connection string controls it.

> I've run SQL profiler and it appears to execute the delete
> statement AND the same statement with a "SELECT * FROM" straight
> afterwards. I think it's a permissions problem still. When using
> access I know the IUSR_SERVER user account has to have the
> appropriate permissions on the access file but what's the SQL
> equivalent?

The sa account is "god" in your database server. It can do anything in that
server*. There should not be any permissions problems here. You mentioned an
error code (-2147217900) in an earlier message. Please tell us the text of
the error message so we have a better chance of helping you. Are you still
getting that error now that you've corrected the statement's syntax? It
should be:

DELETE FROM hold WHERE ISBN='188477766X' AND Username='test'

Bob Barrows

*including execute operating system commands, which is why you should never
use sa in your applications! You should create a sql login account with
limited permissions and use that login in your application connection
strings.
--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.
Jul 19 '05 #14
> *including execute operating system commands, which is why you should never
> use sa in your applications! You should create a sql login account with
> limited permissions and use that login in your application connection
> strings.


As a secondary part of this, is there an online resource with either
suggested permissions or where you can easily (for a Non-SQL type)
figure the best permissions? I know what I use, and I know it's not
appropriate for many other users, so I don't really have a setup to
refer people to when they have this kind of an issue.

Thanks,

Jeff
Jul 19 '05 #15
In most cases, a web app should use a SQL Server user in the datareader and
datawriter roles. Anything more than that is usually an exception, because
the ASP application is making stored procedure calls that require elevated
permissions (e.g. to shell out to a log file, use an extended stored
procedure, drop/create tables, etc).

--
Aaron Bertrand
SQL Server MVP
http://www.aspfaq.com/
Jul 19 '05 #16
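
Added example, not code from any poster in this thread: the hold-cancel page with the two fixes the replies ask for, namely the query-string values bound as ADODB.Command parameters instead of concatenated into the SQL (Tom B's injection point), and a connection that does not use sa (Bob Barrows' and Aaron Bertrand's point). The login name library_web, the password placeholder, the column sizes and the allowed username characters are assumptions; the login is assumed to be a member of the datareader and datawriter roles only.

```vbscript
<%@ Language="VBScript" %>
<%
Option Explicit

' ADO constants, normally pulled in from adovbs.inc.
Const adCmdText = 1
Const adParamInput = 1
Const adVarChar = 200
Const adExecuteNoRecords = 128

' Assumed sizes of hold.ISBN and hold.Username (the thread does not give them).
Const MAX_ISBN_LEN = 13
Const MAX_USER_LEN = 50

' Accept a 10-character ISBN (last character may be X) or a 13-digit ISBN.
Function IsValidIsbn(value)
    Dim re
    Set re = New RegExp
    re.Pattern = "^(\d{9}[\dXx]|\d{13})$"
    IsValidIsbn = re.Test(value)
End Function

' Accept short names made of letters, digits, dot, underscore and hyphen
' (assumed naming rule for this application).
Function IsValidUsername(value)
    Dim re
    Set re = New RegExp
    re.Pattern = "^[A-Za-z0-9._-]{1," & MAX_USER_LEN & "}$"
    IsValidUsername = re.Test(value)
End Function

' Send a status and an HTML-encoded message, then stop the page.
Sub Fail(status, message)
    Response.Status = status
    Response.Write Server.HTMLEncode(message)
    Response.End
End Sub

Dim isbn, username, conn, cmd, affected, errNumber, errText

isbn = Trim(Request.QueryString("ISBN"))
username = Trim(Request.QueryString("Username"))

' Reject anything that is not shaped like the expected values before
' touching the database.
If Not IsValidIsbn(isbn) Or Not IsValidUsername(username) Then
    Fail "400 Bad Request", "Invalid ISBN or username."
End If

Set conn = Server.CreateObject("ADODB.Connection")
' library_web is a hypothetical limited login, not sa; <password> is a placeholder.
conn.Open "Provider=SQLOLEDB; Data Source=(local); Initial Catalog=LibrarySQL; " & _
          "User Id=library_web; Password=<password>"

Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
' T-SQL form of the delete (no asterisk). The ? markers are bound by position,
' so the values travel as data and never become part of the statement text.
cmd.CommandText = "DELETE FROM hold WHERE ISBN = ? AND Username = ?"
cmd.Parameters.Append cmd.CreateParameter("isbn", adVarChar, adParamInput, MAX_ISBN_LEN, isbn)
cmd.Parameters.Append cmd.CreateParameter("username", adVarChar, adParamInput, MAX_USER_LEN, username)

On Error Resume Next
cmd.Execute affected, , adExecuteNoRecords
errNumber = Err.Number
errText = Err.Description
On Error GoTo 0

conn.Close
Set cmd = Nothing
Set conn = Nothing

If errNumber <> 0 Then
    ' Keep the error text in the IIS log (80 characters at most, no commas)
    ' and show the visitor only the number.
    Response.AppendToLog Left(Replace("hold delete failed " & errNumber & " " & errText, ",", ";"), 80)
    Fail "500 Internal Server Error", "The hold could not be cancelled (error " & errNumber & ")."
ElseIf affected = 0 Then
    Response.Write "No matching hold found"
Else
    Response.Write "hold cancelled"
End If
%>
```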
