response.write ("The conn string is: " + oConnString + " <br>">)
----- Original Message -----
From: Matthew Small
To: CF-Community
Sent: Friday, March 05, 2004 1:56 PM
Subject: Re: .ASP security question
You need to find out the value of oConnString. Try this in your app:
...
var oPass = Request.Form("pWord");
response.write ("The conn string is: " + oConnString + " <br>">
//Open database connection
...
That will display your connection string in the browser. Of course, it will be available to everyone who views that page.
- Matt Small
----- Original Message -----
From: Ben Braver
To: CF-Community
Sent: Friday, March 05, 2004 12:45 PM
Subject: Re: .ASP security question
Searched the code for "password" and found this:
//Retrieve username and password from previous form
var oUser = Request.Form("uName");
var oPass = Request.Form("pWord");
//Open database connection
var tblAuth = Server.CreateObject("ADODB.Recordset");
var strSQL = "Select * FROM Authentication";
oConn.Open(oConnString);
tblAuth.Open(strSQL, oConn);
Just below this fragment, it tries to match uName and pWord
against the recordset, decides whether to grant or deny.
But still puzzling me is how the ADODB recordset can be created
without having a password to the Access database ??
-Ben
>PS, given the ability to reference the system.mdw,
>it would seem that the OLE DB connection is using Access security.
>
>this is from the url I referenced:
>
>The final Connection String should look like this:
>Provider=Microsoft.Jet.OLEDB.4.0;Password=joe;User ID=jim;Data
>Source=C:\My.mdb;Persist Security Info=True;Jet OLEDB:System
>database=C:\Program Files\Common Files\System\SYSTEM.MDW;Jet OLEDB:Database
>Password=14323
>
>
>-----Original Message-----
>From: bbraver <mailto:[EMAIL PROTECTED]>
>
>
>
>Outbound email scanned for viruses. (e232)
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
