I just don't know... why don't you try doing that yourself? If you can query the datasource without a password, then you can definitely extract everything you need from the database. Not necessarily the easiest workaround, but definitely doable.
- Matt Small
----- Original Message -----
From: Ben Braver
To: CF-Community
Sent: Friday, March 05, 2004 1:25 PM
Subject: Re: .ASP security question
I know the conn string, it's in one of the ASP scripts:
var oConnString = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=\\inetpub\\wwwroot\\Competency Model\\newTool\\db\\competencies.mdb;";
%>
Is it possible that OLEDB can query a password-protected Access
database WITHOUT using a password?
Thanks. /Ben
> Forgot the closing parentheses:
> response.write ("The conn string is: " + oConnString + " <br>">)
>
> ----- Original Message -----
> From: Matthew Small
> To: CF-Community
> Sent: Friday, March 05, 2004 1:56 PM
> Subject: Re: .ASP security question
>
>
> You need to find out the value of oConnString. Try this in your app:
...
>
> var oPass = Request.Form("pWord");
>
> response.write ("The conn string is: " + oConnString + " <br>">
>
> //Open database connection
...
>
>
> That will display your connection string in the browser. Of course,
> it will be available to everyone who views that page.
>
> - Matt Small
> ----- Original Message -----
> From: Ben Braver
> To: CF-Community
> Sent: Friday, March 05, 2004 12:45 PM
> Subject: Re: .ASP security question
>
> Searched the code for "password" and found this:
>
> //Retrieve username and password from previous form
> var oUser = Request.Form("uName");
> var oPass = Request.Form("pWord");
>
> //Open database connection
> var tblAuth = Server.CreateObject("ADODB.Recordset");
> var strSQL = "Select * FROM Authentication";
> oConn.Open(oConnString);
> tblAuth.Open(strSQL, oConn);
>
> Just below this fragment, it tries to match uName and pWord
> against the recordset, decides whether to grant or deny.
>
> But still puzzling me is how the ADODB recordset can be created
> without having a password to the Access database ??
>
> -Ben
>
> >PS, given the ability to reference the system.mdw,
> >it would seem that the OLE DB connection is using Access security.
> >
> >this is from the url I referenced:
> >
> >The final Connection String should look like this:
> >Provider=Microsoft.Jet.OLEDB.4.0;Password=joe;User ID=jim;Data
> >Source=C:\My.mdb;Persist Security Info=True;Jet OLEDB:System
> >database=C:\Program Files\Common Files\System\SYSTEM.MDW;Jet
> OLEDB:Database
> >Password=14323
> >
> >
> >-----Original Message-----
> >From: bbraver <mailto:[EMAIL PROTECTED]>
> >
> >
> >
> >Outbound email scanned for viruses. (e232)
[Todays Threads]
[This Message]
[Subscription]
[Fast Unsubscribe]
[User Settings]
- RE: .ASP security question Harkins, Patrick
- Re: .ASP security question Ben Braver
- Re: .ASP security question Matthew Small
- Re: .ASP security question Ben Braver
- RE: .ASP security question Harkins, Patrick
- Re: .ASP security question Ben Braver
- Re: .ASP security question Matthew Small
- Re: .ASP security question Matthew Small
- Re: .ASP security question Ben Braver
- RE: .ASP security question Matthew Small
- RE: .ASP security question Harkins, Patrick
- RE: .ASP security question Harkins, Patrick
- Re: .ASP security question Ben Braver