Help!

Hi, all:
Dev Tool: VB6
Server: SQL Server 2000.
Environment: Windows 2000/Windows XP/Windows 2000 Server
I had an ADO conection to the from a VB Application, wtih this connection
the user could Write/Read data from server and execute stored procedures.
The connection was made with DSNs(ODBC). The system created the DSNs and
connected to the server. Now, since we discovered that any one ,who had
Office 2000 or XP, could connect to the server and have the same permissions
of the VB appliacation user (through the DSN the sytem created), we decided
to do this:
1. Use a DSN-less connection
2. Validade the user with SQL Server authetication(not by the tursted
connection.
3. Give theses users the same permissions they had before.
Now, the system has a huge number of calls, updates and stored procedures,
my problem is that the system now nevertheless can use simple SQL-transact
staments with no prblem; ADO gives the following message when using stored
procedures:
"Operation is not Allowed when the Object is closed."
If the permissions were the problem, I couldn't execute the procedures
in the Query Analyzer using the same connection, UserID and Password I
developed for the VB6 application user.
So, I suspect the problem is not the connection itself, there is something
in my ADO (v 2.5) statement(??).
Here is the stament:
strDSN_p= "Provider=SQLOLEDB;Persist Security Info=False;Initial
Catalog=MyDB;Data Source=MyServer;User Id=SomeUser;Password=somepassword;"
cnADO_p.ConnectionString = strDSN_p
cnADO_p.CursorLocation = adUseClient
cnADO_p.CommandTimeout = 400
cnADO_p.ConnectionTimeout = 240
cnADO_p.Open
where cnADO is an ADO connection object.
Any ideas? I'm really worried because most of users have Office in their
computers and some them are system engineers in manegement possitions(not in
the computer department!) and data must be protected(DSN connections are
trustless!).
Note: A public permission has been granted to All the stored procedures.
RickI doubt this problem is security related. The problem was most likely
introduced by your switch from ODBC to OLE DB.
Ensure your stored procedures include 'SET NOCOUNT ON'. This will suppress
DONE_IN_PROC messages that can cause problems with ADO applications and
improve performance as well.
Hope this helps.
Dan Guzman
SQL Server MVP
"Rick" <Rick@.discussions.microsoft.com> wrote in message
news:02965BA0-1DBD-4A81-866B-C802C3D3E548@.microsoft.com...
> Hi, all:
> Dev Tool: VB6
> Server: SQL Server 2000.
> Environment: Windows 2000/Windows XP/Windows 2000 Server
> I had an ADO conection to the from a VB Application, wtih this connection
> the user could Write/Read data from server and execute stored procedures.
> The connection was made with DSNs(ODBC). The system created the DSNs and
> connected to the server. Now, since we discovered that any one ,who had
> Office 2000 or XP, could connect to the server and have the same
> permissions
> of the VB appliacation user (through the DSN the sytem created), we
> decided
> to do this:
> 1. Use a DSN-less connection
> 2. Validade the user with SQL Server authetication(not by the tursted
> connection.
> 3. Give theses users the same permissions they had before.
> Now, the system has a huge number of calls, updates and stored procedures,
> my problem is that the system now nevertheless can use simple SQL-transact
> staments with no prblem; ADO gives the following message when using stored
> procedures:
> "Operation is not Allowed when the Object is closed."
>
> If the permissions were the problem, I couldn't execute the procedures
> in the Query Analyzer using the same connection, UserID and Password I
> developed for the VB6 application user.
> So, I suspect the problem is not the connection itself, there is something
> in my ADO (v 2.5) statement(?).
> Here is the stament:
> strDSN_p= "Provider=SQLOLEDB;Persist Security Info=False;Initial
> Catalog=MyDB;Data Source=MyServer;User Id=SomeUser;Password=somepassword;"
> cnADO_p.ConnectionString = strDSN_p
> cnADO_p.CursorLocation = adUseClient
> cnADO_p.CommandTimeout = 400
> cnADO_p.ConnectionTimeout = 240
> cnADO_p.Open
> where cnADO is an ADO connection object.
> Any ideas? I'm really worried because most of users have Office in
> their
> computers and some them are system engineers in manegement possitions(not
> in
> the computer department!) and data must be protected(DSN connections are
> trustless!).
>
> Note: A public permission has been granted to All the stored procedures.
>
>
> --
> Rick