What is ADO? - ADO 2.8
(Page 8 of 12 )
ADO 2.8 is simply a security update done as part of the Microsoft Secure Computing initiative. In some cases this has meant a break in backward compatibility, but the benefits of the added security outweigh these breaking changes.
The first of these changes is that code able to access the disk (such as the Stream object or opening or saving a Recordset from a file) is limited to trusted sites. Additionally, the file source must be a physical file or URL (and not a printer or serial port, for example). This checking occurs only on Windows 2000, Windows Server 2003, and Windows XP.
The second change ensures that the ActiveCommand property of a Recordset cannot be read when running in Internet Explorer. This stops malicious script from hijacking the command.
The third main change affects the handling of integrated security. Depending upon settings, providers could reuse existing connections and credentials to access other servers. For sites not in the Trusted Sites zone, untrusted providers cause security dialogs to be shown to the user. If the user accepts that the data is coming from an untrusted source, or if the data is coming from a trusted source, connection is permitted depending upon certain conditions detailed in the following table:
IE Settings for authentication and login | Provider supports "Integrated Security" | Provider does not support "Integrated Security" |
| UID & PWD are specified | SSPI | (JOLT, MSDASQL, MSPersist) |
| (SQLOLEDB) | (no UID & PWD) | |
Automatic login with current user name and password Prompt for user name and password Automatic logon only in Intranet zone Anonymous logon | Allow connection Allow connection Allow connection Allow connection | Allow connection Fail connection Prompt with security warning Fail connection | Allow connection Fail connection Prompt with security warning Fail connection |
The final security feature covers session pooling, which now uses access tokens instead of just the Security Identifier (SID) to determine if the requested connection matches an existing pooled connection.
Deprecated Components The following ADO components are deprecated in version 2.8, which means that they are still supported, but may be removed in the future.
- ODBC Provider (MSDASQL). You should use native OLE DB Providers instead of ODBC. Although deprecated, the OLE DB Provider for ODBC is still the default provider.
- Remote Data Services (RDS). You should replace RDS use with the Simple Object Access Protocol (SOAP) toolkit, which is an open, XML-based standard.
- Jet and Replication Objects ( JRO). Because the Jet OLD DB Provider was removed from MDAC 2.6, no new releases are planned, and they will not be available in future MDAC releases.
- AppleTalk and Banyan Vines SQL Network Libraries. You should replace their use with TCP/IP.
- 16-bit ODBC support. You should migrate to 32-bit data sources.
 This is from ADO Programmer's Reference, by Dave Sussman (Apress, ISBN 1590593421). Check it out at your favorite bookstore today. Buy this book now. |
Next: Examples 1-3 >>
More ASP.NET Articles
More By Apress Publishing
/ 17 
