Database Connectivity Security

Security for database connectivity consists of configuring access to:

You use Windows NT and Internet Information Server security when accessing the .idc and .htx files. Users must have permission to access these files in the same way as any other file made available through Internet Information Server. The Terra Flora intranet uses anonymous access. Therefore, the properties of the .idc and .htx files must permit access by the IUSR_computername account or by the account specified for anonymous access.

Also, the .idc file lists a user name and (optionally) a password, which must be valid on the ODBC data source. If the .idc file does not list a user name and password, the user name and password used by Internet Information Server are presented to the ODBC data source.

If you use anonymous access or Basic authentication, the password used by Internet Information Server works on any remote data source if the user name and password are valid for logon to that data source. Windows NT challenge/response authentication works only when a computer is running both Windows NT Internet Information Server and Microsoft SQL Server. For more information, see the next section, "Using Windows NT Challenge/Response for Microsoft SQL Server Access."

Using Windows NT Challenge/Response for Microsoft SQL Server Access

If you are running Microsoft SQL Server and Internet Information Server on the same computer, you can use integrated SQL Server security to pass encrypted user names and passwords for database access. SQL Server must be configured for integrated security. Integrated SQL Server security enables you to use the encrypted user name and password given by an Internet Information Server user for access to SQL Server.

If you use integrated SQL Server security, you do not provide a user name and password in the .idc file. For more information about configuring integrated security, see your SQL Server documentation.

Before you can set up Internet Information Server and SQL Server with integrated Windows NT security, you must install both on the same computer.

To set up integrated Windows NT security, select the Windows NT Challenge/Response check box on the Service property sheet. Clients must use Internet Explorer version 2.0 or later. Specify Local Server as the System Data Source in your .idc file.

Windows NT user names must adhere to SQL Server integrated security name rules. Underscores, dollar signs, and pound signs are not allowed. The default account IUSR_computername cannot be used.