[thelist] Pros and Cons of a DSN connection x a DSN-less?

[Warden, Matt]

On Feb 27, Faye Tarzwell(FayeC) had something to say about [thelist] Pros...

>Hi,
>
>I am trying to gather as much information as possible about DSN and
>DSN-less connection so I can provide more information to a client.
>I read some time ago that a DSN-less is faster than a DSN connection (by
>miliseconds) but on the other hand a DSN would be more secure? If the
>DSN-less is not secure then why use it at all?

well, saying that a DSN connection is *more* secure than DSN-less is
totally different than saying DSN-less connections are not secure.

By analogy, purple is more blue than red is, but that does not mean
that puple is blue.

Keep the DSN-less connection code in a file. Keep that file below the site
root. Then, the only way they can get at that information (assuming your
webserver is patched and secured) is to gain control of the machine
itself. And, if that happens, I think the connection information is the
least of your problem.

DSN-less connections are stored in files.
DSNs are stored in the registry (I'm about 99.9% sure, anyways)

If I gain contol of your system, I don't think it'd be much more difficult
to find that registry key.

So, I don't think security of the methods themselves is the issue. Just
use them intelligently.

Fwiw, I always use a DSN-less connection. It makes the application more
portablie and re-useable, as it's not dependant on system
configuration. It's also much easier to maintain when one has no physical
access to the machine.

this help?

--
mattwarden
mattwarden.com