Results 1 to 8 of 8
  1. #1
    Super Moderator
    Join Date
    Jun 2002
    Location
    Mt Macedon, Victoria, Australia
    Posts
    3,993
    Thanks
    1
    Thanked 45 Times in 44 Posts

    ASP, Access and Security

    I am doing some playing around with Access and ASP, and I want to add security.
    I think I have a pretty good idea on how security works with normal Access databases, and I am trying to carry it over to an ASP context.
    When I creat a connection object, I can include a username and password . But these are no good unless the system knows which workgroup info file to use to check these against. Normally you either join the workgroup, or include it in the command line that opens the db.
    If my db is sitting on someone else's webserver I can't join the workgroup, so how do I specify the workgroup info file to use?
    Regards
    John



  2. #2
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts

    Re: ASP, Access and Security

    I'm not sure I understand your scenario completely, but here's a sample connection string from one of my global.asa files that shows where you reference the MDW file:

    "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=eathdatabase.mdb;Jet OLEDB:System Database=d:alternatepathjsecure.mdw;User ID=username;Password="

    I don't know if I ever tried to use a relative path to either file, but I suspect you could. Hope this helps.

  3. #3
    Silver Lounger
    Join Date
    Jan 2001
    Location
    Indianapolis, Indiana, USA
    Posts
    1,862
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: ASP, Access and Security

    Hi John,

    Jefferson's Connection String is correct. Here's an example with ASP code included.
    Assume your folder structure is like this:<pre>--db
    --www</pre>

    Your Database files are in the db folder (one level BELOW the www folder) and your web/asp files are in the www folder. Many web hosts do this so that users can not directly access the contents of the db folder. (If you scenario is different, that's ok...just modify the paths and it will still work.)
    Let's say you have database.mdb and database.mdw in the db folder.

    In your ASP file you would use the following code to connect (using a Connection and Recordset object):<pre><%
    set cnn = Server.CreateObject("ADODB.Connection")
    cnn.Open "Microsoft.Jet.OLEDB.4.0;Data Source=" & Server.MapPath("../../db/database.mdb") _
    & ";Jet OLEDB:System Database=" & Server.MapPath("../../db/database.mdw") _
    & "; User ID=username;Password=password;"

    set rst = Server.CreateObject("ADODB.Recordset")
    rst.Open "SELECT * FROM tbl_Data", cnn, adOpenDynamic, adLockReadOnly
    'etc...

    rst.Close
    set rst = nothing
    cnn.Close
    set cnn = nothing%></pre>


    HTH

  4. #4
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts

    Re: ASP, Access and Security

    This is bizarre: O'Reilly's Nutshell on ASP 2.0 says you can't use the ".." notation in the string you give Server.MapPath. Should I cross that out? (Should I spring for a newer book? <img src=/S/grin.gif border=0 alt=grin width=15 height=15> )

  5. #5
    Silver Lounger
    Join Date
    Jan 2001
    Location
    Indianapolis, Indiana, USA
    Posts
    1,862
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: ASP, Access and Security

    Maybe that's an ASP 2.0 thing. I've used that quite a few times with ASP 3.0 - no problems.

    I just looked in my ASP 3.0 Professional book (from Wrox Press) and didn't see any indication either way.

    I guess the proof is in the pudding - if it works, it works!

  6. #6
    Super Moderator
    Join Date
    Jun 2002
    Location
    Mt Macedon, Victoria, Australia
    Posts
    3,993
    Thanks
    1
    Thanked 45 Times in 44 Posts

    Re: ASP, Access and Security

    Thanks to both of you for that.
    Clearly the answer is this bit ";Jet OLEDB:System Database=" & Server.MapPath("../../db/database.mdw")
    which neither of the books I have got mention as an option.
    I have 2nd Edition of ASP in a Nutshell. Is this something newer than that, or a, just not reading the book properly?
    Regards
    John



  7. #7
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts

    Re: ASP, Access and Security

    The Nutshell books cover the general methods, but database ("provider") specific properties such as "Jet OLEDB:System Database" are not as widely documented. I believe there is an MSDN article... ah, here we go: Microsoft OLE DB Provider for Microsoft Jet, scroll down to "Provider-Specific Connection Parameters" for more goodies.

  8. #8
    Super Moderator
    Join Date
    Jun 2002
    Location
    Mt Macedon, Victoria, Australia
    Posts
    3,993
    Thanks
    1
    Thanked 45 Times in 44 Posts

    Re: ASP, Access and Security

    Thanks for that. Just what i wanted.
    Regards
    John



Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •