Re: .ASP security question

Fri, 05 Mar 2004 11:24:04 -0800

I know the conn string, it's in one of the ASP scripts:
var oConnString = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=\\inetpub\\wwwroot\\Competency Model\\newTool\\db\\competencies.mdb;";
%>

Is it possible that OLEDB can query a password-protected Access
database WITHOUT using a password?

Thanks. /Ben

> Forgot the closing parentheses:
> response.write ("The conn string is: " + oConnString + " <br>">)
>
  
> ----- Original Message -----
  
> From: Matthew Small
  
> To: CF-Community
  
> Sent: Friday, March 05, 2004 1:56 PM
  
> Subject: Re: .ASP security question
>
>
  
> You need to find out the value of oConnString. Try this in your app:
  ...
>
  
> var oPass = Request.Form("pWord");
>
  
> response.write ("The conn string is: " + oConnString + " <br>">
>
  
> //Open database connection
  ...
>
>
  
> That will display your connection string in the browser.  Of course,
> it will be available to everyone who views that page.
>
  
> - Matt Small
   
> ----- Original Message -----
   
> From: Ben Braver
   
> To: CF-Community
   
> Sent: Friday, March 05, 2004 12:45 PM
   
> Subject: Re: .ASP security question
>
   
> Searched the code for "password" and found this:
>
   
> //Retrieve username and password from previous form
   
> var oUser = Request.Form("uName");
   
> var oPass = Request.Form("pWord");
>
   
> //Open database connection
   
> var tblAuth = Server.CreateObject("ADODB.Recordset");
   
> var strSQL = "Select * FROM Authentication";
   
> oConn.Open(oConnString);
   
> tblAuth.Open(strSQL, oConn);
>
   
> Just below this fragment, it tries to match uName and pWord
   
> against the recordset, decides whether to grant or deny.
>
   
> But still puzzling me is how the ADODB recordset can be created
   
> without having a password to the Access database ??
>
   
> -Ben
>
   
> >PS, given the ability to reference the system.mdw,
   
> >it would seem that the OLE DB connection is using Access security.
   
> >
   
> >this is from the url I referenced:
   
> >
   
> >The final Connection String should look like this:
   
> >Provider=Microsoft.Jet.OLEDB.4.0;Password=joe;User ID=jim;Data
   
> >Source=C:\My.mdb;Persist Security Info=True;Jet OLEDB:System
   
> >database=C:\Program Files\Common Files\System\SYSTEM.MDW;Jet
> OLEDB:Database
   
> >Password=14323
   
> >
   
> >
   
> >-----Original Message-----
   
> >From: bbraver <mailto:[EMAIL PROTECTED]>
   
> >
   
> >
   
> >
   
> >Outbound email scanned for viruses. (e232)
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]

Reply via email to