import-bot (20211) [Avatar] Offline
#1
[Originally posted by nollkoll]

Nice read. Only half way, still enjoying. As I'm sure u know by now MS has
released the Oracle provider (u thought they wouldn't ??). And even ported the
DAAB code. The Help files for SQL provider does not say much about Integrated
security, else than it exists and can be turned on, off, but the Oracle
provider Help files WARNS about turning it off. I would have liked to see a
section in the book on how to perform that trick, switching on the Intgr
security, for both SQLServer and Oracle. Granted - it may be more of a Win2K
admin task, but useful one for a developer. As using user/pws in the connect
string is seen everywhere, but all agree it's not for a secure solutions.
Possible to include next relsease ? Or publish as a separate article om
Manning site.. ?

Also, just curious, serching for lock or locking does not find a match. Is
there not a section on row locking strategies. Surely all these disconnected
dataset floating around must run into row locking problems when time comes to
refresh the DB, unlsess there are only very few users...?

Kind regards,
Henrik
import-bot (20211) [Avatar] Offline
#2
Re: security
[Originally posted by arlen]


Thanks smilie

Using integrated security with SQL Server is pretty easy - all you have to do
is modify your connection string (I'm pretty sure I mention it somewhere -
possibly in Appendix B). Your connection string would look something like:

"Data Source=localhost;Initial Catalog=ADONetSamples;Integrated Security=true"

This will work with NTLM and Kerberos under Windows NT, 2000 & XP. I'm not
sure if it works under 9x. . .

Unfortunately, by the time that the Oracle beta driver shipped, it was too
late to include anything about it in the book, although if we manage a second
edition (if enough people by the first smilie then I will certainly cover it. You
can enable integrated security in the same way - just add "Integrated
Security=yes" to the connection string. I think that it is on by default for
Oracle and off by default for SQL Server.

As for locking - because ADO.NET is really designed for supporting the
stateless model, there isn't a way to explicitly lock a row, but you can use
transactions and isolations levels to provide a certain level of control -
there is some coverage of this in Chapter 14. You can also choose to make your
updates either be optimistic or pessimistic - I give some examples of this
when I talk about customizing the data adapter.

Hope this helps. . .

Arlen


> Nice read. Only half way, still enjoying. As I'm sure u know by now MS has
> released the Oracle provider (u thought they wouldn't ??). And even ported the
> DAAB code. The Help files for SQL provider does not say much about Integrated
> security, else than it exists and can be turned on, off, but the Oracle
> provider Help files WARNS about turning it off. I would have liked to see a
> section in the book on how to perform that trick, switching on the Intgr
> security, for both SQLServer and Oracle. Granted - it may be more of a Win2K
> admin task, but useful one for a developer. As using user/pws in the connect
> string is seen everywhere, but all agree it's not for a secure solutions.
> Possible to include next relsease ? Or publish as a separate article om
> Manning site.. ?
>
> Also, just curious, serching for lock or locking does not find a match. Is
> there not a section on row locking strategies. Surely all these disconnected
> dataset floating around must run into row locking problems when time comes to
> refresh the DB, unlsess there are only very few users...?
>
> Kind regards,
> Henrik