Board index » delphi » Oddity with TDatabase MSSQL and trusted connection (can anybody recreate)

Oddity with TDatabase MSSQL and trusted connection (can anybody recreate)

Can anybody recreate the following.

1. Drop a TDatabase on a form
2. Set the alias to a trusted SQL alais.
3. Set the database name property
4. In the params property set
USER NAME=Sombodynotallowed
PASSWORD=somethingwrong
5. Set the TDatabase to active.

Do you still get connected to the database??
I do, because it somehow (something) is sending my NT user name and
password file to the server.  And I know that I am being logged in as
myself run a query that does select user_name() and see who you get.

Can anybody verify this?  And how do I make it stop?  Environment:
D4sp1, NT40sp3, mssql6.5 no sp's.

With D3 if you used the wrong user name and password you received a
unable to log in message, so what gives?

Brian Chance

 

Re:Oddity with TDatabase MSSQL and trusted connection (can anybody recreate)


The only way that I know of is to set up your SQL Server instance to *not*
do intergrated security ( I forget the exact option... It's accessible via
SQL Enterprise Manager.)
 When you use the integrated security option, a connecting client will use
the already established (if there is one) NT security context.

To verify this, don't log onto any of your domain's resources (drives, etc.)
and then try connecting your database - you should fail.

This is all buried somewhere within 'SQL Server Books Online' that installed
with the SQl Server instance...

Quote
bcha...@readiloan.com.nospam wrote in message

<35da52b5.19591...@forums.borland.com>...
Quote
>Can anybody recreate the following.

>1. Drop a TDatabase on a form
>2. Set the alias to a trusted SQL alais.
>3. Set the database name property
>4. In the params property set
>USER NAME=Sombodynotallowed
>PASSWORD=somethingwrong
>5. Set the TDatabase to active.

>Do you still get connected to the database??
>I do, because it somehow (something) is sending my NT user name and
>password file to the server.  And I know that I am being logged in as
>myself run a query that does select user_name() and see who you get.

>Can anybody verify this?  And how do I make it stop?  Environment:
>D4sp1, NT40sp3, mssql6.5 no sp's.

>With D3 if you used the wrong user name and password you received a
>unable to log in message, so what gives?

>Brian Chance

Re:Oddity with TDatabase MSSQL and trusted connection (can anybody recreate)


I have not tried this before, but what you are describing would be the
behaviour I would expect, based on the trusted connection. With the trusted
connection, you do not need to provide a usename and password, this is done
for you by NT. It will use you username and password for your domain to
validate your login and if it is ok, then you can see the database,
otherwise you cannot.

As I understand it, in this case, the BDE does not need to provide a
username or password as this is not necessary.

My 2 cents worth.

George Aligianis

Other Threads