RE: CF and MS SQL server authentication

2003-12-09 Thread cf-talk
They need to run as the same account.  For example... if you set both up
to run as "Administrator" that would solve your problems.  I DO NOT
recommend this in a production environment.

 
I myself usually set up an account called "ColdFusion" or something like
that and give it only the necessary permissions.  I then connect to my
SQL server using SQL authentication and a VERY long password.

 
Ideally, your SQL server should NOT be exposed to the internet.  Run it
on a private .10 network or something instead.

 
Is there any reason why you need Windows only authentication?

 
-Novak

-Original Message-
From: Tom Kitta [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, December 09, 2003 10:37 AM
To: CF-Talk
Subject: CF and MS SQL server authentication

When setting up ColdFusion to work with MS SQL server 2000 I am having
trouble with usage of Windows only authentication (preferred), I am
forced to use SQL authentication. SQL and CF run on different computers
on the same network. What accounts (permissions) should SQL and CF work
on for windows authentication to work?

TK 




RE: CF and MS SQL server authentication

2003-12-09 Thread Tangorre, Michael
Tom,

 
Just out of curiosity, why do you prefer Windows authentication? I always
thought SQL Server authentication was better...
I am definitely interested in responses...

 
Mike

-Original Message-
From: Tom Kitta [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, December 09, 2003 1:37 PM
To: CF-Talk
Subject: CF and MS SQL server authentication

When setting up ColdFusion to work with MS SQL server 2000 I am having
trouble with usage of Windows only authentication (preferred), I am forced to
use SQL authentication. SQL and CF run on different computers on the same
network. What accounts (permissions) should SQL and CF work on for windows
authentication to work?

TK 




Re: CF and MS SQL server authentication

2003-12-09 Thread Tom Kitta
I want Windows Authentication for security reasons, SQL server simply is not as secure as Windows. SQL server 2000 does not support locking out, minimal password length, password expiry etc. So someone can setup a system whereas the SQL server is being bombarded with attempts to gain access, windows will lock the user out. SQL server admin guide recommends using windows authentication and fall back to SQL authentication in special circumstances (also for someone out there using win98 or winME which do not support windows authentication).

As for running SQL server on private network, that would be fine except for remote administration - how can one with ease connect to a host on a private network from a remote location.

TK
  - Original Message - 
  From: Tangorre, Michael 
  To: CF-Talk 
  Sent: Tuesday, December 09, 2003 1:38 PM
  Subject: RE: CF and MS SQL server authentication

  Tom,

  Just out of curiosity, why do you prefer Windows authentication? I always
  thought SQL Server authentication was better...
  I am definitely interested in responses...

  Mike

  -Original Message-
  From: Tom Kitta [mailto:[EMAIL PROTECTED] 
  Sent: Tuesday, December 09, 2003 1:37 PM
  To: CF-Talk
  Subject: CF and MS SQL server authentication

  When setting up ColdFusion to work with MS SQL server 2000 I am having
  trouble with usage of Windows only authentication (preferred), I am forced to
  use SQL authentication. SQL and CF run on different computers on the same
  network. What accounts (permissions) should SQL and CF work on for windows
  authentication to work?

  TK 




Re: CF and MS SQL server authentication

2003-12-09 Thread ksuh
Currently, the drivers that come with CFMX do not support Windows authentication, although they are supposed to be included in a later release.

To log in to a private remote computer, log onto a computer that you can access publicly, and then from that computer, remote login into the private computer.

- Original Message -
From: Tom Kitta <[EMAIL PROTECTED]>
Date: Tuesday, December 9, 2003 12:16 pm
Subject: Re: CF and MS SQL server authentication

> I want Windows Authentication for security reasons, SQL server 
> simply is not as secure as Windows. SQL server 2000 does not 
> support locking out, minimal password length, password expiry etc. 
> So someone can setup a system whereas the SQL server is being 
> bombarded with attempts to gain access, windows will lock the user 
> out. SQL server admin guide recommends using windows 
> authentication and fall back to SQL authentication in special 
> circumstances (also for someone out there using win98 or winME 
> which do not support windows authentication).
> 
> As for running SQL server on private network, that would be fine 
> except for remote administration - how can one with ease connect 
> to a host on a private network from a remote location.
> 
> TK
>  - Original Message - 
>  From: Tangorre, Michael 
>  To: CF-Talk 
>  Sent: Tuesday, December 09, 2003 1:38 PM
>  Subject: RE: CF and MS SQL server authentication
> 
> 
>  Tom,
> 
> 
>  Just out of curiosity, why do you prefer Windows authentication? 
> I always
>  thought SQL Server authentication was better...
>  I am definitely interested in responses...
> 
> 
>  Mike
> 
>  -Original Message-
>  From: Tom Kitta [EMAIL PROTECTED] 
>  Sent: Tuesday, December 09, 2003 1:37 PM
>  To: CF-Talk
>  Subject: CF and MS SQL server authentication
> 
>  When setting up ColdFusion to work with MS SQL server 2000 I am 
> having  trouble with usage of Windows only authentication 
> (preferred), I am forced to
>  use SQL authentication. SQL and CF run on different computers on 
> the same
>  network. What accounts (permissions) should SQL and CF work on 
> for windows
>  authentication to work?
> 
>  TK 




RE: CF and MS SQL server authentication

2003-12-09 Thread Dave Watts
> I want Windows Authentication for security reasons, SQL 
> server simply is not as secure as Windows. SQL server 2000 
> does not support locking out, minimal password length, 
> password expiry etc. So someone can setup a system whereas 
> the SQL server is being bombarded with attempts to gain 
> access, windows will lock the user out. SQL server admin 
> guide recommends using windows authentication and fall back 
> to SQL authentication in special circumstances (also for 
> someone out there using win98 or winME which do not support 
> windows authentication).

While in general, I would agree with this, I think that for web
applications, native SQL authentication is often better. You might have many
datasources on a single CF machine, for example, but if you're using Windows
authentication you'll only have one account for all your applications - the
one in which your CF service runs.

> As for running SQL server on private network, that would be 
> fine except for remote administration - how can one with ease 
> connect to a host on a private network from a remote location.

In that case, maybe you shouldn't be able to remotely administer your
database server. In any case, your database server should not arbitrarily
accept connections from anywhere in the world, and it really shouldn't be
accessible at all from a public network. It should only accept connections
from the web server, or from trusted internal sources. If you absolutely
need remote administration, you could administer it from the web server, I
suppose, although that has its own obvious problems.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
voice: (202) 797-5496
fax: (202) 797-5444




RE: CF and MS SQL server authentication

2003-12-09 Thread tom
>> As for running SQL server on private network, that would be
>> fine except for remote administration - how can one with ease
>> connect to a host on a private network from a remote location.
>
> In that case, maybe you shouldn't be able to remotely administer your
> database server. In any case, your database server should not arbitrarily
> accept connections from anywhere in the world, and it really shouldn't be
> accessible at all from a public network. It should only accept connections
> from the web server, or from trusted internal sources. If you absolutely
> need remote administration, you could administer it from the web server, I
> suppose, although that has its own obvious problems.
>

That might work for a single company's site, but hosting companies can't do that. You
have to give your clients some kind of remote access to manage their databases.  Are
there any techniques/suggestions for allowing remote access to SQL server via the
internet?  Obviously changing the port is one small step but are there others people are
using?

Tom Nunamaker




RE: CF and MS SQL server authentication

2003-12-09 Thread Tangorre, Michael
Complete user lockdown and then carefully assigning permissions on the
object level.  :-)  I would imagine anyways

 
Mike



-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, December 09, 2003 3:12 PM
To: CF-Talk
Subject: RE: CF and MS SQL server authentication

>> As for running SQL server on private network, that would be
>> fine except for remote administration - how can one with ease
>> connect to a host on a private network from a remote location.
>
> In that case, maybe you shouldn't be able to remotely administer your
> database server. In any case, your database server should not arbitrarily
> accept connections from anywhere in the world, and it really shouldn't be
> accessible at all from a public network. It should only accept connections
> from the web server, or from trusted internal sources. If you absolutely
> need remote administration, you could administer it from the web server, I
> suppose, although that has its own obvious problems.
>

That might work for a single company's site, but hosting companies can't do
that. You
have to give your clients some kind of remote access to manage their
databases.  Are
there any techniques/suggestions for allowing remote access to SQL server
via the
internet?  Obviously changing the port is one small step but are there
others people are
using?

Tom Nunamaker 




RE: CF and MS SQL server authentication

2003-12-09 Thread Dave Watts
> That might work for a single company's site, but hosting 
> companies can't do that. You have to give your clients 
> some kind of remote access to manage their databases. Are
> there any techniques/suggestions for allowing remote access 
> to SQL server via the internet? Obviously changing the port 
> is one small step but are there others people are using?

In fact, hosting companies can, and do, limit access to database servers so
that they only can be reached through the web server or through trusted
sources. I've worked with hosting companies who've done these things for
their clients.

If you're talking about shared hosting, though, I'm not sure how I'd respond
to that. I'm not a big fan of any sort of shared hosting, when it comes to
security concerns, though.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
voice: (202) 797-5496
fax: (202) 797-5444




Re: CF and MS SQL server authentication

2003-12-09 Thread Jochem van Dieten
[EMAIL PROTECTED] wrote:
> 
> That might work for a single company's site, but hosting companies can't do that. You
> have to give your clients some kind of remote access to manage their databases.  Are
> there any techniques/suggestions for allowing remote access to SQL server via the
> internet?  Obviously changing the port is one small step but are there others people are
> using?

We do hosting with PostgreSQL and provide remote logins if people 
want it. Upon request we allow logins to specific databases, with 
specific usernames, from specific IP addresses on the internet. 
The only thing we require is that people connect to the database 
using SSL. We don't really see a problem with people willing to 
put their own data at risk.
Surely you can build something similar into MS SQL Server.

Jochem

-- 
When you don't want to be surprised by the revolution
organize one yourself
 - Loesje
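
An added example, not part of Jochem's post or his hosting setup: PostgreSQL expresses the policy he describes (specific database, specific user, specific source address, SSL required) as `hostssl` lines in `pg_hba.conf`, and the Python sketch below audits such a file against that policy. The sample file, its names and addresses, and the `audit_hba` helper are constructed for illustration; only the CIDR address form is handled.

```python
import ipaddress

# Constructed sample pg_hba.conf (TYPE DATABASE USER ADDRESS METHOD).
# Names are made up; 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges.
SAMPLE_HBA = """\
# customer A: one database, one role, one source address, SSL only
hostssl  shop_a   shop_a_admin  203.0.113.17/32   md5
# too broad: any database and any role from a whole network
hostssl  all      all           198.51.100.0/24   md5
# remote entry that does not insist on SSL
host     shop_b   shop_b_admin  203.0.113.40/32   md5
# web server on the private network
host     shop_a   shop_a_web    10.0.0.5/32       md5
"""

# Assumption: these ranges count as "internal" and are outside the remote-login policy.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def audit_hba(text, max_hosts=1):
    """Return (line_no, problem) for internet-facing entries that break the policy."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 5 or fields[0] == "local":
            continue  # comment, blank line or Unix-socket entry
        conn, db, user, addr = fields[:4]
        try:
            net = ipaddress.ip_network(addr, strict=False)
        except ValueError:
            findings.append((no, "address is not a CIDR block"))
            continue
        if net.version == 4 and any(net.subnet_of(n) for n in INTERNAL):
            continue  # private-network client, not a login from the internet
        if conn != "hostssl":
            findings.append((no, "remote entry does not require SSL"))
        if db == "all":
            findings.append((no, "database is not specific"))
        if user == "all":
            findings.append((no, "user is not specific"))
        if net.num_addresses > max_hosts:
            findings.append((no, f"{net} admits {net.num_addresses} addresses"))
    return findings

if __name__ == "__main__":
    for no, problem in audit_hba(SAMPLE_HBA):
        print(f"line {no}: {problem}")
```
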