I have a MariaDB database that uses LDAP authentication so that database accounts are tied to their windows ones. If I develop a MS Access front-end, will their enterprise login be enough to restrict access to certain tables? Will I need to develop several front-ends or will they just get an error when they try to edit a linked table they are not supposed to?
Related
I have an online MySQL database that I use for the backend to my website. However to get to the database, I have to login to my hosting provider, then log in to cPanel, and then log into phpMyAdmin, which is quite slow to use.
I would like to be able to access or stream the database to Access so I could download, edit and upload sections of it. Is this possible?
Technically, nothing forbid you to make some linked tables in Access toward an online MySQL database using the Mysql ODBC driver. However, for security purpose, most hosting services will block anything that is not a direct HTML access to a web site at their firewall level. Therefore, you have to ask your provider if such an access is allowed and if yes, what are the connection parameters.
We have a need to build an EXE app that runs on a customer's server that accesses our Multi-Tenant SQL database.
We have a Column SubscriberId for each table that we use in our web app to limit users to just the records that belong to their SubscriberId - which works perfectly fine (on our servers).
We have an Exchange to SQL service that runs on our server that sync's Exchange Contacts and Appointments to our SQL tables. An issue is that we need customers to grant us the Exchange 'ApplicationImpersonation' role for us to access the data on their server - which means we have access to their whole Exchange database store.
Most customers have been willing to allow us that access level, but a few don't want us to have that level of access - and that's understandable.
Our sync app is a C# .NET console app, and we want to adapt it so we can have end-users install the app on their server and have it sync with our server remotely.
THE QUESTION: Is is possible to create a user on SQL Server 2008R2 that only has access to the rows for that user filtered WHERE SubscriberId = 201 (for example).
We would allow port 1433 access to their server and the user/password would be used in the connection string in the App.config.
If so, we can create an admin panel in an Windows exe app where they setup that SQL User/password and their Exchange Super-User. Then they can remotely sync - but only see their own records in our SQL database.
Otherwise, it seems we would need to re-work the app to use an API and an alternate security scheme. That would obviously be a lot more work :-(
Thanks, Charles
IMHO, I can suggest the following solution.
1. You create a unique token that you can use to identify the tenant via some config or during console app start up.
2. Each tenant will call your service by authenticating using the token.
3. Only valid tenant is allowed to call the services. Rest may be notified of such an attempts.
4. You can even set up the service and the web services to use a refresh token in case of being more secure.
I use SQL Server Management Studio to manage my SQL Server. I need to add a genericReadOnly and genericReadWrite to use when accessing it from automated vba code in Excel. The file that contains this code will be distributed to a number of people, more than I want to individually add to the server.
I've tried adding this generic user account, but get told
genericReadOnly is not a valid login or you do not have permissions.
The server admin believes that a username has to exist in Active Directory.
Is this standard, or is it a sitting that can be changed, if so how?
If you are using mixed authentication on your SQL Server, you can create a SQL Server login (via the security\logins tree on SSMS object explorer) and then a user on your database.
If you are using windows authentication only, then yes, you need an Windows login account mapped to that user.
To change the authentication mode... http://msdn.microsoft.com/en-us/library/ms188670.aspx
I am normally a .NET developer so have no experience with classic ASP.
I have been asked by a client to have a look at their classic ASP site. I am trying to recreate their site on my local machine so can have a play with but am having difficulty connecting to my copy of the database. The database has been recreated on SQL Server 2008 using windows authentication and I'm having difficulty with the connection string.
This is what I have so far:
Provider=SQLOLEDB;Data Source=MY-PC\SQLExpress;Initial Catalog=testdb;Integrated Security=SSPI;Persist Security Info=False;
Keeps saying
login failed.
Any ideas?
Modify the anonymous user account details that your local site uses to your own logon account.
The problem is that ASP scripts always run using impersonation either of the user associated with an authenticated connection or as the anonymous user account. The anonymous user is normally the rescricted IUSR account.
You could just turn off anonymous access and turn on Windows Integrated but I find its best for local development purposes to just change the anonymous user.
You need to create a login/user in SQL Server for the identity of the app pool in which your application is running.
Can one easily 'plug-in' an existing credentials repository to use when authenticating users on a DotNetNuke web site and can we then take advantage of the DNN authorization framework?
More specifically: we have a database of user credentials (mySql) used to authenticate users. We're investigating using DNN for a new web site but are restricted to using the existing credentials repository. We can easily make the repository accessible but will we need to do any 'tweaking in the MS-Sql database that DNN uses etc?
Btw, am complete DNN newbie and just investigating feasability.
Pointers appreciated.
DotNetNuke has an authentication provider and membership provider, both of which you would probably need to implement to be able to use a separate database for credentials (though if it's just for credentials, you would just write an authentication provider to check that database upon login, then user regular DNN users for the membership part, if you're not pulling profile info from there).
As Brian Dukes mentioned there is a provider model that makes this really easy. And I might be able to get your 99% of the way there. I have a commercial product External Database Authentication Provider that connects to any external SQL Server for this type of thing. Now it only communicates to SQL Server, but you can either grab the source and make 2-3 changes and be set, or I know other users in the past have actually created a SP in SQL Server that went to MySQL and used my module as is.