dcsimg
Results 1 to 20 of 20

Thread: Is it Standard to use Active Directory with VB 6.0 in lieu of SQL Server?

  1. #1

    Thread Starter
    Member
    Join Date
    Jun 2016
    Location
    DFW, Texas
    Posts
    35

    Is it Standard to use Active Directory with VB 6.0 in lieu of SQL Server?

    Where I work there is a SQL Server table (there are many), and this particular one is what we use for one of our systems. A former VB 6.0 developer, now acting as a front-line customer support/technical person, is suggesting strongly that I need to use Active Directory instead of a SQL Server table to give authorization to four people to do something that others cannot do. He is saying that it is standard to use these AD Groups over using a simple table.

    Being very new to VB 6.0, I do not know what to think. Help!

  2. #2
    MS SQL Powerposter szlamany's Avatar
    Join Date
    Mar 2004
    Location
    CT
    Posts
    17,843

    Re: Is it Standard to use Active Directory with VB 6.0 in lieu of SQL Server?

    Yes - it is standard to use Integrated Security in the connection string - so as to use AD for the actual authentication.

    In general SQL logins should not be used.

    What is your connection string now?

    *** Read the sticky in the DB forum about how to get your question answered quickly!! ***

    Please remember to rate posts! Rate any post you find helpful - even in old threads! Use the link to the left - "Rate this Post".

    Some Informative Links:
    [ SQL Rules to Live By ] [ Reserved SQL keywords ] [ When to use INDEX HINTS! ] [ Passing Multi-item Parameters to STORED PROCEDURES ]
    [ Solution to non-domain Windows Authentication ] [ Crazy things we do to shrink log files ] [ SQL 2005 Features ] [ Loading Pictures from DB ]

    MS MVP 2006, 2007, 2008

  3. #3

    Thread Starter
    Member
    Join Date
    Jun 2016
    Location
    DFW, Texas
    Posts
    35

    Re: Is it Standard to use Active Directory with VB 6.0 in lieu of SQL Server?

    Well, this is not a SQL Login, but only a table (if we use SQL Server) that verifies if the people are members of a group that allows them to duplicate a scan of a bar code.

  4. #4
    MS SQL Powerposter szlamany's Avatar
    Join Date
    Mar 2004
    Location
    CT
    Posts
    17,843

    Re: Is it Standard to use Active Directory with VB 6.0 in lieu of SQL Server?

    Ok - then - what is your connection string to the database?

    *** Read the sticky in the DB forum about how to get your question answered quickly!! ***

    Please remember to rate posts! Rate any post you find helpful - even in old threads! Use the link to the left - "Rate this Post".

    Some Informative Links:
    [ SQL Rules to Live By ] [ Reserved SQL keywords ] [ When to use INDEX HINTS! ] [ Passing Multi-item Parameters to STORED PROCEDURES ]
    [ Solution to non-domain Windows Authentication ] [ Crazy things we do to shrink log files ] [ SQL 2005 Features ] [ Loading Pictures from DB ]

    MS MVP 2006, 2007, 2008

  5. #5
    PowerPoster
    Join Date
    Feb 2006
    Posts
    20,219

    Re: Is it Standard to use Active Directory with VB 6.0 in lieu of SQL Server?

    So no security?

    It sounds as if anyone could cobble up a script to hit the database and do whatever he wanted, bypassing your table-based rules that only exist in some application logic.

    Of course you didn't say whether or not there is middle-tier logic mediating all database access. If so you would enforce roles at that level, which is secure assuming client machines have no direct access to the database.

    More likely though you are using monolithic architecture where code running on client PCs connects directly to the database server.

  6. #6
    PowerPoster techgnome's Avatar
    Join Date
    May 2002
    Posts
    32,291

    Re: Is it Standard to use Active Directory with VB 6.0 in lieu of SQL Server?

    I suspect that the user enters their name, clicks login, it uses a hard-coded user/pwd to connect to the SQL Server, where it then checks to see if the entered username is in the table and returns (hopefully) true or false, indicating if the user has been granted the right to perform the action.

    -tg

    edit - ack! My reply was directed at szlamany... dill posted as I was decomposing.
    * I don't respond to private (PM) requests for help. It's not conducive to the general learning of others.*
    * I also don't respond to friend requests. Save a few bits and don't bother. I'll just end up rejecting anyways.*
    * How to get EFFECTIVE help: The Hitchhiker's Guide to Getting Help at VBF - Removing eels from your hovercraft *
    * How to Use Parameters * Create Disconnected ADO Recordset Clones * Set your VB6 ActiveX Compatibility * Get rid of those pesky VB Line Numbers * I swear I saved my data, where'd it run off to??? *

  7. #7

    Thread Starter
    Member
    Join Date
    Jun 2016
    Location
    DFW, Texas
    Posts
    35

    Re: Is it Standard to use Active Directory with VB 6.0 in lieu of SQL Server?

    Well, this is not a SQL Login, but only a table (if we use SQL Server) that verifies if the people are members of a group that allows them to duplicate a scan of a bar code.

    In a discussion between a couple developers and myself, we are going to use the main SQL Server database and will pick up the rights for various access. This means we will add some records to the existing ADMINS table where certain rights are granted at startup..

  8. #8
    MS SQL Powerposter szlamany's Avatar
    Join Date
    Mar 2004
    Location
    CT
    Posts
    17,843

    Re: Is it Standard to use Active Directory with VB 6.0 in lieu of SQL Server?

    If you want actual help post your connection string.

    Otherwise you are having a conversation with yourself

    *** Read the sticky in the DB forum about how to get your question answered quickly!! ***

    Please remember to rate posts! Rate any post you find helpful - even in old threads! Use the link to the left - "Rate this Post".

    Some Informative Links:
    [ SQL Rules to Live By ] [ Reserved SQL keywords ] [ When to use INDEX HINTS! ] [ Passing Multi-item Parameters to STORED PROCEDURES ]
    [ Solution to non-domain Windows Authentication ] [ Crazy things we do to shrink log files ] [ SQL 2005 Features ] [ Loading Pictures from DB ]

    MS MVP 2006, 2007, 2008

  9. #9

    Thread Starter
    Member
    Join Date
    Jun 2016
    Location
    DFW, Texas
    Posts
    35

    Re: Is it Standard to use Active Directory with VB 6.0 in lieu of SQL Server?

    I didn't post my string because I am sick and had to go and lie down. Some kind of flu. Not feeling much better. I'll respond sometime soon.

    Quote Originally Posted by szlamany View Post
    If you want actual help post your connection string.

    Otherwise you are having a conversation with yourself

  10. #10
    PowerPoster
    Join Date
    Jun 2001
    Location
    Trafalgar, IN
    Posts
    4,132

    Re: Is it Standard to use Active Directory with VB 6.0 in lieu of SQL Server?

    The question has nothing to do with connection strings. It seem OP is asking if it's best practices to authenticate users and group access based on SQL Server tables or leverage Active Directory.

    My opinion is use Active Directory. Active Directory is all about users, group, and their access to resources. You can build this functionality yourself using tables but you would be reinventing the wheel. That said, using AD with VB6 will involve a bit of a learning curve. A lot will find that more than they want to deal with. The main advantage is your application can inherit domain policies and you wouldn't have to make sure you sync AD and SQL Server.
    Last edited by MarkT; Jun 28th, 2016 at 11:56 AM.

  11. #11
    MS SQL Powerposter szlamany's Avatar
    Join Date
    Mar 2004
    Location
    CT
    Posts
    17,843

    Re: Is it Standard to use Active Directory with VB 6.0 in lieu of SQL Server?

    Quote Originally Posted by MarkT View Post
    The question has nothing to do with connection strings.
    I find it so odd you would say that.

    And then go on about how it might be difficult to use AD with VB6.

    Integrated Security uses AD from WITHIN SQL to authenticate - that job is already done and you can poll the SQL engine for that username.

    You can even go so far as to give some of your SQL tables and such AD Roles that must be held by the credential'd user to access said tables.

    AD is fully integrated with MS SQL through INTEGRATED SECURITY.

    The only time I've had to talk to the AD myself was in backend web methods that were trying to authenticate a user without having to have duals sets of usernames and passwords.

    *** Read the sticky in the DB forum about how to get your question answered quickly!! ***

    Please remember to rate posts! Rate any post you find helpful - even in old threads! Use the link to the left - "Rate this Post".

    Some Informative Links:
    [ SQL Rules to Live By ] [ Reserved SQL keywords ] [ When to use INDEX HINTS! ] [ Passing Multi-item Parameters to STORED PROCEDURES ]
    [ Solution to non-domain Windows Authentication ] [ Crazy things we do to shrink log files ] [ SQL 2005 Features ] [ Loading Pictures from DB ]

    MS MVP 2006, 2007, 2008

  12. #12
    PowerPoster
    Join Date
    Jun 2001
    Location
    Trafalgar, IN
    Posts
    4,132

    Re: Is it Standard to use Active Directory with VB 6.0 in lieu of SQL Server?

    I think you and I are reading OPs request differently. I think you're seeing it as how do I authenticate to SQL Server and I'm seeing it as how do I authenticate to my application.

    If my take on it is correct, you have a few options.
    1) Connect to SQL server and query tables to get theusers permissions.
    2) Connect to Active Directory to fetch the users permissions.

    The main advantage to option 1 is more people are familiar working with SQL Server than Active Directory. For most this will make SQL Server an easier option.

    The main advantage to option 2 is user access is based on domain rules. There is no need to maintain tables if a user changes roles.

  13. #13
    #28 for the Yanks coming GaryMazzone's Avatar
    Join Date
    Aug 2005
    Location
    Dover,NH
    Posts
    7,306

    Re: Is it Standard to use Active Directory with VB 6.0 in lieu of SQL Server?

    No Option 3
    You create AD groups and assign AD users to the groups. You assign the AD groups in SQL Server as logins. You assign the SQL Server logins access to a database. In the database you assign the login Rights to the tables, views, columns and procedures. Now when you sign in via Windows auth you get the rights you need in the database with out getting to the process of connecting to and querying AD
    Sometimes the Programmer
    Sometimes the DBA

    Mazz1

  14. #14
    MS SQL Powerposter szlamany's Avatar
    Join Date
    Mar 2004
    Location
    CT
    Posts
    17,843

    Re: Is it Standard to use Active Directory with VB 6.0 in lieu of SQL Server?

    Quote Originally Posted by szlamany View Post
    You can even go so far as to give some of your SQL tables and such AD Roles that must be held by the credential'd user to access said tables.
    Yes - this is option 3 - thank you Gary for elaborating.

    Personally I like to stop this level of authentication at the "what tables and views" one might be given access to.

    For "application control" - what buttons you might see - what forms might appear - I prefer to have a set of SQL tables for further application roles. Using AD doesn't work for all types of applications - web apps - especially those that invite the public via an "email-address-as-a-username" and such.

    *** Read the sticky in the DB forum about how to get your question answered quickly!! ***

    Please remember to rate posts! Rate any post you find helpful - even in old threads! Use the link to the left - "Rate this Post".

    Some Informative Links:
    [ SQL Rules to Live By ] [ Reserved SQL keywords ] [ When to use INDEX HINTS! ] [ Passing Multi-item Parameters to STORED PROCEDURES ]
    [ Solution to non-domain Windows Authentication ] [ Crazy things we do to shrink log files ] [ SQL 2005 Features ] [ Loading Pictures from DB ]

    MS MVP 2006, 2007, 2008

  15. #15
    PowerPoster
    Join Date
    Jun 2001
    Location
    Trafalgar, IN
    Posts
    4,132

    Re: Is it Standard to use Active Directory with VB 6.0 in lieu of SQL Server?

    Quote Originally Posted by szlamany View Post
    For "application control" - what buttons you might see - what forms might appear - I prefer to have a set of SQL tables for further application roles. Using AD doesn't work for all types of applications - web apps - especially those that invite the public via an "email-address-as-a-username" and such.
    Layout based on roles is where I thought AD had the advantage. It a simple check of group membership with no need for tables. As for web apps, the only ones I worked on used integrated authentication and COM+. With that, using AD was pretty straight forward. If you are doing web apps with forms authentication then yes, AD isn't the way to go.

  16. #16
    PowerPoster
    Join Date
    Feb 2006
    Posts
    20,219

    Re: Is it Standard to use Active Directory with VB 6.0 in lieu of SQL Server?

    One problem is that an application's roles can't always be expressed in simple terms like the ability to update or delete rows in a given table.

    Even stored procedures don't help since a user could just bypass those (as far as I know you can't define table access as only via a stored procedure - but I'd be glad to be told that isn't true and shown evidence of it). So unless I am wrong about that... unless your roles can be defined simply in terms of table (or even column) access you really need some server-side middle tier logic and you can't have clients connecting directly to the database at all.

  17. #17
    #28 for the Yanks coming GaryMazzone's Avatar
    Join Date
    Aug 2005
    Location
    Dover,NH
    Posts
    7,306

    Re: Is it Standard to use Active Directory with VB 6.0 in lieu of SQL Server?

    dilettant it isn't true. You don't give the user (or the AD group) rights to do anything on the tables. You give execute rights to the stored procedures and then the user can't select insert update or delete directly against a table only via the stored procedures that the group has access to.
    Sometimes the Programmer
    Sometimes the DBA

    Mazz1

  18. #18
    MS SQL Powerposter szlamany's Avatar
    Join Date
    Mar 2004
    Location
    CT
    Posts
    17,843

    Re: Is it Standard to use Active Directory with VB 6.0 in lieu of SQL Server?

    Quote Originally Posted by GaryMazzone View Post
    dilettant it isn't true. You don't give the user (or the AD group) rights to do anything on the tables. You give execute rights to the stored procedures and then the user can't select insert update or delete directly against a table only via the stored procedures that the group has access to.
    That is the way we do our apps. Access is only GRANTED to EXECUTE SPROCS.

    Sure you can "execute" SPROCS in a nefarious manner. But only in a way that is permitted by the internal security of those SPROCS - which embraces the entire set of security rules in the app.

    Absolutely no tables can be accessed by anyone.

    We do allow some people to "see" VIEWS - so as to be served out to EXCEL, for instance. And whatever "security" is in the WHERE clause of the VIEW comes through in EXCEL through WINDOWS AUTHENTICATION.

    *** Read the sticky in the DB forum about how to get your question answered quickly!! ***

    Please remember to rate posts! Rate any post you find helpful - even in old threads! Use the link to the left - "Rate this Post".

    Some Informative Links:
    [ SQL Rules to Live By ] [ Reserved SQL keywords ] [ When to use INDEX HINTS! ] [ Passing Multi-item Parameters to STORED PROCEDURES ]
    [ Solution to non-domain Windows Authentication ] [ Crazy things we do to shrink log files ] [ SQL 2005 Features ] [ Loading Pictures from DB ]

    MS MVP 2006, 2007, 2008

  19. #19
    PowerPoster
    Join Date
    Jun 2001
    Location
    Trafalgar, IN
    Posts
    4,132

    Re: Is it Standard to use Active Directory with VB 6.0 in lieu of SQL Server?

    Quote Originally Posted by cecilchamp View Post
    A former VB 6.0 developer, now acting as a front-line customer support/technical person, is suggesting strongly that I need to use Active Directory instead of a SQL Server table to give authorization to four people to do something that others cannot do.
    Once again, my take on OPs post is its not about database access. Instead I think they want to allow functionality based on authentication. That sounds like a front end thing.

  20. #20
    Fanatic Member
    Join Date
    Apr 2015
    Location
    Finland
    Posts
    654

    Re: Is it Standard to use Active Directory with VB 6.0 in lieu of SQL Server?

    Quote Originally Posted by GaryMazzone View Post
    No Option 3
    You create AD groups and assign AD users to the groups. You assign the AD groups in SQL Server as logins.
    Vote for that!

    Create an AD group fex. 'BarCodeDupGroup' and assign user granted to this group etc.
    The most secure and scalable way of doing, what you want to achieve.

    aandd... If and when you do not want to hassle with database at all, you can always check if current user logged in to your app using his/hers AD credentials has rights.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  



Featured


Click Here to Expand Forum to Full Width