Questions That Should Be Asked More Frequently

[Previous] [Next]

Q. Why can't I instantiate my business objects on my IIS server with the RDS DataSpace object's CreateObject method?

A. You'll need to change some Registry settings in order to allow access to these objects. MDAC does not enable this feature on installation for security reasons. You'll need to run RegEdit and then look for the following Registry key:

 HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W3SVC\ ΠParameters\ADCLaunch 

Now add the ProgID for each business object you want to expose through RDS. For a more in-depth explanation, see the topic "Registering a Custom Business Object" in the Data Access Services portion of the Platform SDK Help.

Q. Does using handlers make RDS safe across the Internet?

A. That's an important question to ask but a tough one to answer. While I have a lot of experience building two-tiered and three-tiered database applications with ADO, I don't have much Internet programming experience. If you want more information on Internet security, read up on IIS and HTTPS.

I strongly recommend requiring RDS to use a handler to limit users' access to your database. Handlers keep the location of your database and the query string out of the client code. This allows you to modify or move your database, and you need to modify only the appropriate connection and/or query strings. You'll also keep your users from obtaining information about what sort of database you're using, where it's located, and so on.

Sometimes setting up anonymous users is helpful and appropriate. It simplifies coding and lets you take advantage of OLE DB session pooling. However, it's still anonymous.

You might decide that you need to store information about each customer in your database and provide each customer with a password. You can require that users supply their customer ID and password with their orders so that you can track the orders appropriately. Now you only need to make sure that you're using a secure connection through HTTPS so that no one else on the Internet can access the password supplied by the user.



Programming ADO
Programming MicrosoftВ® ADO.NET 2.0 Core Reference
ISBN: B002ECEFQM
EAN: N/A
Year: 2000
Pages: 131
Authors: David Sceppa

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net