My network eng won't allow me to create an SQL Authenticated account for the Forum Database we created. He wants me to use my windows domain account and he configured this account with db owner privilages. I don't know if it's possible but I've been having trouble trying to connect to the server using a windows domain account.
strConnString = "Provider=SQLOLEDB;Data Source=sphsstaging;database=Forum;uid=XXX\XXX;pwd=XXXXXXX" '## MS SQL Server 6.x/7.x/2000 (OLEDB connection)
I'm not sure if you can... but even if you could, it wouldn't be a good idea. Think about it, what would happen if you left the company? The program wouldn't work any more. That's just the tip of the iceburg.
What are you trying to do? Use that account for a Snitz forum? Will IIS use that account too?
The unwillingness not to use SQL Server authentication is just dumb. There is no difference, security wise, between having IIS use a Windows account or using an SQL Server authenticated account. It would be great if people just were sensible enough to think instead of letting themselves be lead by preconceited ideas.
Yep, but big orgs often have policies which fit 95% of cases but are applied to 100%.
You should create a domain service account for the db to run under (as startup/system account - make sure the password refresh isn't enforced - this is your Admin's job), and grant whatever privs are required on the db to the IUSR account.
Hmmm thinking about it, it may be preferebale to create a domain/service account for your IIS too, and grant windows domain privs to that account in MSSQL (and all the other things that IUSR has privs for - usually very limited by design). That way you can switch IIS boxes without worrying about having to maintain db accounts.
Topic Locked
Posted - 09 November 2007 : 16:26:22
