July 15, 2002 at 8:30 am
Hi,
I have the following situation as experiment. I have a sql login X. I have granted X some permissions in a user database. With a asp page i connect to the userdatabase with X and password in the ado.connectionstring. So far no problems. To try the working of sp_denydatareader i added the quest login from master to db_denydatareader. From this moment i could not use qa qith user X which is what is expected. However i still can connect with my asp page. I used profiler to find the sql but found nothing. For qa i found a select on master..spt_values. For asp i just found a select on my user table.. and nothing on master.
So the question is:
How does ado check if a user exists in master and how do i trace that with profiler?
thanks for the effort.
Best regards,
Klaas-Jan
Edited by - Klaas-Jan on 07/15/2002 08:42:09 AM
July 15, 2002 at 9:24 am
Putting them in the denyreader role doesn't mean they cant connect, just that they can't read from your tables.
Andy
July 16, 2002 at 3:48 am
Thanks Andy.
How does ado then checks the login in the master database without using a select on sysxlogins ?
best regards,
Klaas-Jan
July 16, 2002 at 6:13 am
ADO doesn't. ADO is just another abstraction between you and the SQL engine. It asks for the data, SQL decides if it's authorized or not. Only way it will work otherwise you could bypass SQL security by writing your own provider.
Andy
Viewing 4 posts - 1 through 3 (of 3 total)
You must be logged in to reply to this topic. Login to reply