> > So I would assume that if you want to connect from a web site you should > > use sql auth because you do not want to assume the user is using > > windows.
> Well, you could set up a special user on the Windows side that just has > access to the relevant SQL data, can't log on to a desktop session etc > etc, but as others have said it's usually just easier to use SQL > authorisation. Just make sure you encrypt the password if you have > connection strings in config files ! Last I knew(SQL2000), you can't do that-- you'll get errors about it not being a "trusted connection" if you're not connecting from a computer on the same Windows domain(or a trusted domain)... You can't even fake it as you can with most things using 'net use'-- the client machine must be in the 'windows network', as defined by domain, etc. It was a big PITA when I had to deal with this with a branch office(formerly different company) and we had to get access to their SQL database and the admin didn't want to enable SQL auth and we couldn't trust the domain until a real VPN was in place, etc... Oh, the headaches in that place-- I'm glad that's not my job anymore... ;-) I'd strongly suggest setting up sql authentication, which is done in earlier versions in enterprise manager, right clicking the server and going to 'properties'. MSDE disables it by default I believe. As for the "end users running windows", that shouldn't matter if you're developing a website, as you should never have client-code on the web accessing your database directly-- they should request php/asp/etc. files and those files will connect to your database and generate html... AJAX being an exception to the rule, as it provides the communications layer so your clients aren't truly connecting to the database directly... -- Derek _______________________________________________ Post Messages to: ProFox@leafe.com Subscription Maintenance: http://leafe.com/mailman/listinfo/profox OT-free version of this list: http://leafe.com/mailman/listinfo/profoxtech ** All postings, unless explicitly stated otherwise, are the opinions of the author, and do not constitute legal or medical advice. This statement is added to the messages for those lawyers who are too stupid to see the obvious.