Re: ODBC Security

Josh Hillman ( (no email) )
Tue, 28 Jul 1998 10:09:14 -0400

> From: Mark Tran <mpt@pop.gdex.net>
> We just have some new NT box up running IIS4 and just have one question.
As far as I know, when you set up a system DSN anyone can access to it to
modify the database. This can be a serious problem when hosting multiple
sites. Is there anyway to secure the DSN so that only certain user have
access to it.

If your datbases are Access (.mdb or whatever they are), setting NTFS
permissions on them I think will do the trick. If you're using MSSQL
Server, you can assign a plethora of permissions within SQL for read,
write, delete, etc. permissions on a complete table, or individual column,
etc.
Also, make sure that you check out the following page:
http://www.microsoft.com/security/bulletins/ms98-003.htm

Josh Hillman
hillman@talstar.com