When you set up 'Use Trusted Connection' in the VFP Conneciton, you are overridding the DSN. Besides, that is not secure anwya, your user could go change the DSN. Also your NT user account must have access to the database. At the backend you would have to turn of NT Security and only allow SQL Server security if you didn't want NT Authentication to take place.
BOb
>Charlie,
>
>thanks for the reply - but let me make sure I understand ...
>
>You are saying that if I can log into NT as a windows client, then I can log on to SQL server WITHOUT supplying any separate password REGARDLESS of how the DSN is set-up? This seems like a SERIOUS security problem to me if it is true.
>
>Ken
>
>>Ken:
>>
>>With SQL Server Authentication (mixed mode), if your a trusted connection(windows client) you are first authenitcated on NT and then again in SQL Server. If you do not supply a network login, it will use the username and password that the client used for login. Only nontrusted connections (web browsers and non windows clients) are authenticated in SQL Server only.
>>
>>Charlie
Précédent
Suivant
Répondre
Voir le fil de ce thread
Voir le fil de ce thread à partir de ce message seulement
Voir tous les messages de ce thread
Voir tous les messages de ce thread à partir de ce message seulement