Newbie Feeling Inadequate!!!
-
OK, I am a very good designer in MS Access. I am also pretty good using ASP and VBScript (well, I use Dreamweaver). I have a web site that I am designing. It is ran off of my Access DB. I have over 30 seperate tables, and one stored procedure (a query).
Once I showed this web-site to my boss he immediately wanted to implement it into our section. So started my problems...
Problem 1) I can now expect at least 5-30 concurrent users, which means Access will choke and die
- Solution 1) Upsize to MS SQL Server...
Problem 2) Section can't afford to buy SQL Server...so I thought MSDE (then I found MS SQLServer 2005 Express) Still slows down after 8 concurrent users, but better than Access!!!
- Solution 2) Downloaded and installed
Problem 3) Thats as far as I am. I upsized my Access database to the SQL Server (everything seemed to work great). But now I cannot connect with my web pages. I have so much SQL written into my VBScript code, I dont know if it is good with SQL Server or not. I dont know how to do anything with SQL Server.
I really understand DB Design Theory, I have an OK working knowledge of SQL (At least as far as JET goes), I can work my way through VBScript codeing...but I feel completly lost with the SQL Server. I really dont even know where to begin. And because I am pretty much sef taught, reading a technical manual means as much to me as someone speaking martian. Any thoughts on down to earth step-by-step guides, articles for using SQL Server as a ASP backend... maybe even with Dreamweaver?
-
"But now I cannot connect with my web pages. I have so much SQL written into my VBScript code, I dont know if it is good with SQL Server or not. I dont know how to do anything with SQL Server."
What error are you getting when you view your web page?
--------------------
Colt 45 - the original point and click interface
-
Microsoft OLE DB Provider for ODBC Drivers error '80004005'
[Microsoft][ODBC Driver Manager] Data source name not found and no default driver specified
/index.asp, line 29
HERES MY CONNECTION STRING:
<%
' FileName="Connection_odbc_conn_dsn.htm"
' Type="ADO"
' DesigntimeType="ADO"
' HTTP="false"
' Catalog=""
' Schema=""
Dim MM_SFCATS_Robins_STRING
MM_SFCATS_Robins_STRING = "dsn=Local;uid=sa;pwd=*******;"
-
Ok, you're forgiven because you've only just started with SQL Server
Using the sa account to connect to SQL Server is a BIG no-no. The 'sa' account is the System Administrator of the server and as such no permissions are checked so the user connecting can perform any action they want. Even to the extent of deleting databases and shutting down the server. Better option would be to create a seperate non-admin user in your database that has the permissions you need.
Also, it looks like you're using an actual ODBC DSN. Did the "Test Connection" succeed in the ODBC Data Source Administrator?
Life will be much easier if you use a DSN-Less connection and use the SQL OLE/DB driver. The connection string should be along the lines of,
"Provider=SQLOLEDB;Data Source=<< Server name >>;Initial Catalog=<< database name >>;User Id=<< your username >>;Password=<< your password >>;"
--------------------
Colt 45 - the original point and click interface -
Well my next question then is how do I set up a user that will cover everyone logged onto my web page? I guess usually it is something like: IUSR_Computer name...that way the web server is cconsidered accessing the system... any thoughts? Because right now I dont know what my USERNAME/PASSWORD is... its something along the lines of what the install set up for me.
Now, I understand enough to know that with SQL Server I can control all the way down to a records values for security, but I am not worried about that...I just want the web server to be able to handle all of my security. Does this make sense? So if a person is authorized access to my web page they are authorized to run any querries that exist in the web page...
-
"So if a person is authorized access to my web page they are authorized to run any querries that exist in the web page... "
If the SQL Server and the Web Server are one in the same box, then you'll be able to get this working using Windows Authentication. If they're seperate boxes then you're on a hard road down the murky paths of Kerberos delegation ....
--------------------
Colt 45 - the original point and click interface -
They are in fact being ran on the same box. So, how do I alter my connection string to allow for Windows Authentication? I wont need the username/password portion anymore..right?
But I guess my overriding question, although not very clear was: What type of security permissions does every person need (at minimum) to read data, write data. And if I am using windows authentication, do I have to add every user I plan to a user group, or not.
This is where I am getting confused. Normally I allow access to certain files on my web server to a specific user: "IUSR_WEBSERVER" This allows me to control my security through my ASP/VBS code with my database, and grant general permissions to all the files everybody might need. I just ensure certain people can/cant get to some pages through my security code.
Keeping this in mind, some of my users might get to a web page that allows them to create a table. Another user might not be granted access to that page, BUT if they were granted access to that page then they should be able to create a table as well.
So, how can I ensure that everyone that attempts to access the SQL Server has all the permissions they might ever need, and I will limit who gets to do what thorugh another security measure???
-
I may have lead you down the garden path a bit here. Presuming your website is setup for Windows authentication only, then you can connect to SQL Server using the same credentials. If your website supports anonymous users then you'll be stuck with a single user accessing the database, whether it's the IUSR_... one or a pre-defined SQL login is up to you.
Take a look at the wealth of articles available in the following links,
http://www.microsoft.com/sql/techinfo/administration/2000/security/default.mspx
http://www.microsoft.com/technet/prodtechnol/sql/2000/maintain/sp3sec00.mspx
http://msdn.microsoft.com/library/?url=/library/en-us/adminsql/ad_security_05bt.asp?frame=true
--------------------
Colt 45 - the original point and click interface -
Try the link below for a detailed tutorial on SQL Server Using SQL Authentication in ASP.NET 2.0. And Small Business Server 2003 comes with SQL Server 2000 for 75 concurrent users. Hope this helps.
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag2/html/paght000010.asp
Kind regards,
Gift Peddie
Kind regards,
Gift Peddie
Viewing 9 posts - 1 through 9 (of 9 total)
You must be logged in to reply to this topic. Login to reply