You searched for the word(s): userid:665617

More Search Options

RSS Available

• Re: How to reach the clients username???

  If I understand you correctly, you simply want to retrieve the username of an authenticated user? Try the following: strMessage = "Hello " & User.Identity.Name & ", welcome to my application."

  Posted to Security (Forum) by dvallone on 8/22/2007

• Re: Windows vs. Sql Authentication

  [quote user="ReachFarther"] Dvallone: We've taken care to use parameterized queries for every insert, update, get, delete, etc. There is no direct table or view access. So what you're suggesting is that regardless of our connection method, we should only allow out accounts access to the stored procedures that they need. For isntance, the front-end website utilizes a much smaller set of the available stored procedures than the administrative website does. So we'd create two logins

  Posted to Security (Forum) by dvallone on 8/3/2007

• Re: SQL 2000 Password Change Form...?!?

  The simplest way IMO would be to use a try/catch when opening your SQL connection, and executing your SQL command. Try conNorthWind.Open Catch ex As SqlException 'Code to handle error goes in here. If there is no error, this won't execute. End Try

  Posted to SQL Server, SQL Server Express, and SqlDataSource Control (Forum) by dvallone on 7/31/2007

• Re: SQL 2000 Password Change Form...?!?

  I think what you have should work, but maybe there's a syntax error in there that we've missed. To make things a bit more organized, try the following: Dim strSQLConnection As String = "Server=" & txtdatabase.text & ";UID=" & txtname.text & ";PWD=" & txtold.text & ";database=" & txtdatabase.text Dim connorthwind as New SQLConnection (strSQLConnection) Set a break point at the second line. When that break point hits, check

  Posted to SQL Server, SQL Server Express, and SqlDataSource Control (Forum) by dvallone on 7/31/2007

• Re: Basic Windows Authentication

  Try these: http://weblogs.asp.net/scottgu/archive/2006/02/24/ASP.NET-2.0-Membership_2C00_-Roles_2C00_-Forms-Authentication_2C00_-and-Security-Resources-.aspx http://aspnet.4guysfromrolla.com/articles/120705-1.aspx http://www.eggheadcafe.com/tutorials/aspnet/009e2e5e-5a44-4050-8233-59a0d69844e8/basics-forms-authenticat.aspx

  Posted to Security (Forum) by dvallone on 7/30/2007

• Re: Development Environment w/ssl

  The best way to "secure" this IMO is to not develop your application against production data. Since each developer is using SQL2000 locally, if they were to have actual confidential user data on every machine that would create a substantial security risk. (Having supported developers in the past, they are often oblivious to security issues while they are busy churning out code) Create fictitional data and use that for testing (if you are not already doing this). This eliminates the need

  Posted to Security (Forum) by dvallone on 7/30/2007

• Re: Windows vs. Sql Authentication

  I'd have to agree with naturehermit. We use encrypted connection strings stored in machine.config (like you everything is behind a firewall). If an attacker actually managed to get to the machine.config file to beat away at the encrypted password, chances are they were somehow able to get administrative rights to the server, so we're already screwed at that point. What I'd stress more than SQL Server authentication vs trusted connection decision is making sure the SQL account you are

  Posted to Security (Forum) by dvallone on 7/30/2007

• Re: Basic Windows Authentication

  Yes, the user's domain is validaded. So if you were to set up integrated windows authentication, the client's browser would send "DOMAIN\user", "password" to IIS, which would in turn validate it against AD. If they are attemting to connect through the Internet and IWA is enabled, they will be presented with a username/pw login box from IE, but IE will not automatically log them in (using the IE default security settings) You can programtically create an AD account, provided

  Posted to Security (Forum) by dvallone on 7/30/2007

• Re: How to use SSL

  Additionally, if you are using a hosting company company (specifically if your site is on a shared server) you should check with them, as they usually have special procedures you need to follow, and some limit the CAs you can use (or will charge an additional fee for CAs not on their preferred list).

  Posted to Security (Forum) by dvallone on 7/28/2007

• Re: sql server 2000 processor to sql server 2005 price

  I don't think your 2000 processor license can be applied to 2005 in any way/shape/form. I'm not aware of an upgrade path from a 2000 processor license to a 2005 processor license (unless you subscribe to software assurance, possibly). I would contact Microsoft directly and ask them what your licensing options are. Once you know what you need, check out some of the resellers on the web to get the best price. Example: http://www.cdw.com/shop/search/results.aspx?key=sql+server+2005&sr=1&platform

  Posted to Free For All (Forum) by dvallone on 7/28/2007