/    Sign up×
Community /Pin to ProfileBookmark

DSN vs. DSNless connection

I’ve got a few pages that connect to a database. This is nothing new to me I’ve got hundreds of pages connecting to databases on other servers. However, for some reason this one server won’t except a DSN connection. I have to use a DSNless connection to get it to connect. The server that won’t use a DSN connection is running Windows 2000 Server. I have pages connecting to databases on these OS’s; Windows XP Media Center, Windows XP Professional, and Windows 2003 Server. Do you have to do something different on a Windows 2000 machine or is there something else wrong that I might not be thinking about?

DSN Connection Code:

Set connDB = Server.CreateObject(“ADODB.Connection”)
connDB.ConnectionString = “DSN=DB.dsn”

DSNless Connection Code:

Set connDB = Server.CreateObject(“ADODB.Connection”)
connDB.Open “DBQ=” & Server.MapPath(“../Path/DB.mdb”) & “;Driver={Microsoft Access Driver (*.mdb)};DriverId=25;MaxBufferSize=8192;Threads=20;”, “username”, “password”


to post a comment

13 Comments(s)

Copy linkTweet thisAlerts:
@thechasboiJan 09.2007 — you might want to update the mdac to the latest version. Here is the link http://www.microsoft.com/downloads/details.aspx?DisplayLang=en&FamilyID=6c050fe3-c795-4b7d-b037-185d0506396c

I have used DSN connection on my server 2k and even my 2k pro machine in the past.
Copy linkTweet thisAlerts:
@russellJan 10.2007 — definitely make sure u have latest mdac, but should ALWAYS use oledb provider, DSNless connection.
Copy linkTweet thisAlerts:
@nbcrockettauthorJan 10.2007 — Ok, updated my MDAC along with all other Windows Updates that I was behind on and it still won't use a DSN connection. Anymore ideas that I can try?


I've always read that a DSN connection was better than a DSNless connection. Why do you suggest a DSNless over a DSN?

Thanks for your help guys!
Copy linkTweet thisAlerts:
@russellJan 10.2007 — dsnless is faster in most cases. one less layer of OS COM calls. and in some cases, odbc doesnt even work for some operations. use native oledb provider wherever possible.
Copy linkTweet thisAlerts:
@nbcrockettauthorJan 10.2007 — Would the DSNless connection code I posted below be the correct code to use to connect to an Access Database?
Copy linkTweet thisAlerts:
@russellJan 10.2007 — yep. i'd remove those leading dots though, and use Path relative to root. this way, works from anywhere in your site (though makes sense to have it in include file in only one place)....

Copy linkTweet thisAlerts:
@nbcrockettauthorJan 10.2007 — Don't I need the dots to go up a level and then into the folder that the DB is stored in. My pages are stored in a different folder from my DB's
Copy linkTweet thisAlerts:
@russellJan 10.2007 — only if u want to use paths relative to the page (which proves to be a giant mistake as your site grows larger more and more complex, or if u ever decide to move a file).

should path everything relative to the root. so if your directory structure looks like this

the path to the mdb is "/data/msaccessDB.mdb" from [b]ANYWHERE[/b] in the site.

but using paths relative to the current page, u never know what the path may be. it will turn into a maintenance nightmare.

from default.asp it is "data/msaccessDB.mdb"

from report1.asp it is ../data/msaccessDB.mdb"

and on and on.

the same is true whether we're talking about links, images, include files, anything.

take a look at This Thread where i think i gave a bit more detailed explanation on similar issue.
Copy linkTweet thisAlerts:
@nbcrockettauthorJan 10.2007 — OK, that makes since. In the other thread you mentioned that using relative to the file is a minor security risk. Do you mind elaborating on that? Also, should I change every link (href, src, and etc.) on my site so that it's relative to the site? Thanks!
Copy linkTweet thisAlerts:
@russellJan 10.2007 — well, i probably wouldn't go to the trouble of changing 'em all, but every time i modify a page i might do it then.

security issue comes from directory traversal. once user sees .asp extension, or for that matter, anyone can grab the headers with very simple tools, they know you are running a windows server.

a common trick is to try to guess the structure of the website. say you have a page with links to ../../someotherPage.asp. a hacker might start trying tricks to work his/her way back to the c:windowssystem32 directory. a crack slightly aided by their knowledge of your directory structure. of course several other things have to go wrong for this to pose any real risk. it is just one of the first steps to mount more serious attacks. of course, if one could guess the name of your .mdb file, they could download it directly and that might be a problem...a good idea is to keep your mdbs outside of the webroot altogether, though this may not be possible if it is a hosted site.
Copy linkTweet thisAlerts:
@nbcrockettauthorJan 10.2007 — Maybe I'm doing something wrong, but I can still see the full path of a link if I put my mouse over it and if I view the source my paths that I changed to relative to site still show up as "../Path/file.css".
Copy linkTweet thisAlerts:
@russellJan 10.2007 — if thats what you're seeing in view source then either the file still has that, or u are viewing a copy from the cache...
Copy linkTweet thisAlerts:
@nbcrockettauthorJan 11.2007 — Ok, my paths in view source now show up without the periods. However, I don't see how this is more secure. Without the periods they see the exact path. With the periods they at least have to guess. I see the usefulness of having the flexibility to move files around, but I'm not seeing the security. What am I missing?


Help @nbcrockett spread the word by sharing this article on Twitter...

Tweet This
Sign in
Forgot password?
Sign in with TwitchSign in with GithubCreate Account
about: ({
version: 0.1.9 BETA 2.22,
whats_new: community page,
up_next: more Davinci•003 tasks,
coming_soon: events calendar,
social: @webDeveloperHQ

legal: ({
terms: of use,
privacy: policy
changelog: (
version: 0.1.9,
notes: added community page

version: 0.1.8,
notes: added Davinci•003

version: 0.1.7,
notes: upvote answers to bounties

version: 0.1.6,
notes: article editor refresh
recent_tips: (
tipper: @Samric24,
tipped: article
amount: 1000 SATS,

tipper: Anonymous,
tipped: article
amount: 10 SATS,

tipper: @neststayhome,
tipped: article
amount: 1000 SATS,