DSN vs. DSNless connection

@nbcrockettJan 09.2007

I’ve got a few pages that connect to a database. This is nothing new to me I’ve got hundreds of pages connecting to databases on other servers. However, for some reason this one server won’t except a DSN connection. I have to use a DSNless connection to get it to connect. The server that won’t use a DSN connection is running Windows 2000 Server. I have pages connecting to databases on these OS’s; Windows XP Media Center, Windows XP Professional, and Windows 2003 Server. Do you have to do something different on a Windows 2000 machine or is there something else wrong that I might not be thinking about?

DSN Connection Code:

[CODE] Set connDB = Server.CreateObject(“ADODB.Connection”) connDB.ConnectionString = “DSN=DB.dsn” connDB.Open [/CODE]

DSNless Connection Code:

[CODE] Set connDB = Server.CreateObject(“ADODB.Connection”) connDB.Open “DBQ=” & Server.MapPath(“../Path/DB.mdb”) & “;Driver={Microsoft Access Driver (*.mdb)};DriverId=25;MaxBufferSize=8192;Threads=20;”, “username”, “password” [/CODE]

Thanks!

to post a comment

13 Comments(s) _↴

@thechasboiJan 09.2007 — #you might want to update the mdac to the latest version. Here is the link http://www.microsoft.com/downloads/details.aspx?DisplayLang=en&FamilyID=6c050fe3-c795-4b7d-b037-185d0506396c

I have used DSN connection on my server 2k and even my 2k pro machine in the past.

@russellJan 10.2007 — #definitely make sure u have latest mdac, but should ALWAYS use oledb provider, DSNless connection.

@nbcrockettauthorJan 10.2007 — #Ok, updated my MDAC along with all other Windows Updates that I was behind on and it still won't use a DSN connection. Anymore ideas that I can try?

Russell,

I've always read that a DSN connection was better than a DSNless connection. Why do you suggest a DSNless over a DSN?

Thanks for your help guys!

@russellJan 10.2007 — #dsnless is faster in most cases. one less layer of OS COM calls. and in some cases, odbc doesnt even work for some operations. use native oledb provider wherever possible.

@nbcrockettauthorJan 10.2007 — #Would the DSNless connection code I posted below be the correct code to use to connect to an Access Database?

@russellJan 10.2007 — #yep. i'd remove those leading dots though, and use Path relative to root. this way, works from anywhere in your site (though makes sense to have it in include file in only one place)....

Server.MapPath("/Path/DB.mdb")

@nbcrockettauthorJan 10.2007 — #Don't I need the dots to go up a level and then into the folder that the DB is stored in. My pages are stored in a different folder from my DB's

@russellJan 10.2007 — #only if u want to use paths relative to the page (which proves to be a giant mistake as your site grows larger more and more complex, or if u ever decide to move a file).

should path everything relative to the root. so if your directory structure looks like this

<i>
 </i>/
 default.asp
 .../reports/
 report1.asp
 report2.asp
 .../data/
 msaccessDB.mdb
 .../images/
 logo.gif
 photo.jog

the path to the mdb is "/data/msaccessDB.mdb" from [b]ANYWHERE[/b] in the site.

but using paths relative to the current page, u never know what the path may be. it will turn into a maintenance nightmare.

from default.asp it is "data/msaccessDB.mdb"

from report1.asp it is ../data/msaccessDB.mdb"

and on and on.

the same is true whether we're talking about links, images, include files, anything.

take a look at This Thread where i think i gave a bit more detailed explanation on similar issue.

@nbcrockettauthorJan 10.2007 — #OK, that makes since. In the other thread you mentioned that using relative to the file is a minor security risk. Do you mind elaborating on that? Also, should I change every link (href, src, and etc.) on my site so that it's relative to the site? Thanks!

@russellJan 10.2007 — #well, i probably wouldn't go to the trouble of changing 'em all, but every time i modify a page i might do it then.

security issue comes from directory traversal. once user sees .asp extension, or for that matter, anyone can grab the headers with very simple tools, they know you are running a windows server.

a common trick is to try to guess the structure of the website. say you have a page with links to ../../someotherPage.asp. a hacker might start trying tricks to work his/her way back to the c:windowssystem32 directory. a crack slightly aided by their knowledge of your directory structure. of course several other things have to go wrong for this to pose any real risk. it is just one of the first steps to mount more serious attacks. of course, if one could guess the name of your .mdb file, they could download it directly and that might be a problem...a good idea is to keep your mdbs outside of the webroot altogether, though this may not be possible if it is a hosted site.

@nbcrockettauthorJan 10.2007 — #Maybe I'm doing something wrong, but I can still see the full path of a link if I put my mouse over it and if I view the source my paths that I changed to relative to site still show up as "../Path/file.css".

@russellJan 10.2007 — #if thats what you're seeing in view source then either the file still has that, or u are viewing a copy from the cache...

@nbcrockettauthorJan 11.2007 — #Ok, my paths in view source now show up without the periods. However, I don't see how this is more secure. Without the periods they see the exact path. With the periods they at least have to guess. I see the usefulness of having the flexibility to move files around, but I'm not seeing the security. What am I missing?

Success!

Help @nbcrockett spread the word by sharing this article on Twitter...

Tweet This

DSN vs. DSNless connection

13 Comments(s) _↴

Success!

Social

Version

DSN vs. DSNless connection

13 Comments(s) ↴

Success!

The web is an endless sea of information. Don't miss the boat... Subscribe!

Social

Version

13 Comments(s) _↴