INFO: Working with RDS HandlersID: Q230680
|
With the advent of Microsoft Data Access (MDAC) 2.0, Remote Data Service (RDS)implements a new security feature called Handlers. These handlers are located in your Operating System root directory (that is, C:\Winnt\) inside the file Msdfmap.ini.
The file is divided into three different types of Handlers:
Each type of handler is designed to cover a different area of security. A Connect Handler allows the developer to alias a data source name (DSN). A developer can use the handler name in place of the actual DSN in their code. The Connect Handler also allows for basic access privileges/>
Here is an example of a Connect Handler:
Inside Msdfmap.ini:SQL Handlers function much like Connect Handler, with the exception that they replace SQL code.
[connect CustomerDatabase] Access=ReadOnly Connect="DSN=AdvWorks"
Sample VBScript code using the handler:
AdvancedDataControl.Connect="CustomerDatabase"
Here, whenever the connect string is CustomerDatabase, RDS automatically substitutes DSN=AdvWorks. This keeps sensitive information out of the client application where the source may be viewed or otherwise reverse engineered.
Inside Msdfmap.ini:The final type of handler is the Userlist Handler. The Userlist handler only works with Windows NT Challenge/Response and allows the developer or administrator to set access levels similar to the Connect Handler, but based on the user connecting.[sql AuthorList] SQL="SELECT * FROM AUTHORS"
Sample VBScript code using this handler with the preceding Connect Handler:Whenever RDS detects a query on AuthorList (either through the AdvancedDataControl or the DataFactory,) RDS replaces it with the appropriate SQL statement.AdvancedDataControl.Connect="CustomerDatabase" AdvancedDataControl.SQL="AuthorList"
Inside Msdfmap.ini:If RDS cannot find a user-defined handler to perform a specific task, RDS will use the default handler. The default handler is specified by placing default after the type of handler desired.With the preceding code sample, the Administrator will have full rights to the AdvWorks DSN, whereas UserX will have Read Only permissions. Everyone else will have No Access to the DSN.[connect CustomerDatabase] Access=NoAccess Connect="DSN=AdvWorks" [userlist CustomerDatabase] Administrator=ReadWrite UserX=ReadOnly
[connect default]
;this handler is called if RDS cannot find another handler
;we set the access level to NoAccess to close any possible security holes
Access=NoAccess
[sql default]
;to disable unknown or unauthorized statements, set SQL to an invalid query
SQL=" "
[userlist default]
;let's give the Administrator full permissions
Administrator=ReadWrite
Here is a list of valid Access levels for both the Connect and Userlist handlers:
Using the Customization Handler Feature in RDS 2.0
(c) Microsoft Corporation 1999, All Rights Reserved. Contributions by Jonathan Johnson, Microsoft Corporation.
Additional query words:
Keywords : kbRDS200 kbRDS210 kbGrpVBDB kbGrpMDAC kbRDS210SP2
Version : WINDOWS:2.0,2.01,2.1,2.1 SP1,2.1 SP2
Platform : WINDOWS
Issue type : kbinfo
Last Reviewed: June 17, 1999