OT: Environ Variable Question

Started by stanl, February 24, 2016, 03:40:51 AM

stanl

WB has functions to get/set environmental variables. I have access to a SQL Server under Windows Authentication. Any compiled WB script I might write (with my credentials in the connect string) cannot be used by others as the SQL Server denies them permission.

It occurred to me that if I were to place a UDF in the script to set the USERNAME to me, run the SQL Query (basically it returns an Excel file for the user) then reset to the original USERNAME variable after the connection is closed.

Good idea or fantasy?

ChuckC

Uh... Is the usage of the USERNAME environment variable by SQL Server documented to indicate that it honors the value of the environment variable?

The reason that I ask... The USERNAME environment variable is created by Windows itself as a result of logging you on, and, in general, is provided as courtesy so that scripting languages can execute scripts that behave in a conditional manner based on certain things such as your identity.  AFAIK, SQL Server databases are configured on a per-database instance to use your current Windows identity [as obtained from your access token when connecting to the DB], a database-specific identity [passed explicitly as part of credentials when connecting to the DB], or a hybrid mix of the two.  In no case, though, have I ever seen it documented as having the security weakened to the point where the USERNAME environment variable is actually used as the authoritative source for establishing the identity of a user who is trying to access the database.
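
A way to check this on a test machine, as an added example that is not part of any post in this thread: the PowerShell below compares the USERNAME environment variable with the identity in the process access token and with the login SQL Server reports for an integrated-security connection, before and after the variable is overwritten. It assumes Windows PowerShell 5.1; `SQLHOST01`, `ReportsDb`, `someone_else` and the function name `Get-IdentityView` are placeholders introduced for illustration.

```powershell
# Added example. Only EnvUserName is expected to differ between the two rows:
# Integrated Security authenticates with the process access token via SSPI.
# 'SQLHOST01' and 'ReportsDb' are placeholder names (assumptions).

function Get-IdentityView {
    param([string]$Server, [string]$Database)

    $view = [ordered]@{
        EnvUserName = $env:USERNAME   # plain string in this process's environment block
        TokenUser   = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
        SqlLogin    = $null
    }

    # Pooling=false forces a fresh login for every call instead of reusing a pooled one.
    $cs   = "Server=$Server;Database=$Database;Integrated Security=SSPI;Pooling=false;"
    $conn = New-Object System.Data.SqlClient.SqlConnection $cs
    try {
        $conn.Open()
        $cmd = $conn.CreateCommand()
        $cmd.CommandText = 'SELECT SUSER_SNAME();'   # login name as seen by the server
        $view.SqlLogin = [string]$cmd.ExecuteScalar()
    }
    catch {
        $view.SqlLogin = "connect failed: $($_.Exception.Message)"
    }
    finally {
        $conn.Dispose()
    }
    [pscustomobject]$view
}

$original = $env:USERNAME
try {
    $before = Get-IdentityView -Server 'SQLHOST01' -Database 'ReportsDb'
    $env:USERNAME = 'someone_else'    # constructed value; affects this process only
    $after  = Get-IdentityView -Server 'SQLHOST01' -Database 'ReportsDb'
}
finally {
    $env:USERNAME = $original         # always restore the original value
}

$before, $after | Format-Table -AutoSize
```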

stanl

Chuck;

I cannot answer your question. For myself, I created a file_dns on the network to allow me to link and query the SQL Server tables with Access middleware. All that requires is a server and username. Users on another PC cannot open the linked files - so I guess I can just use a command prompt to test whether or not SQL Server would accept the environ var as a credential, otherwise probably uses AD.

More of a what if? probably shouldn't even have posted it to begin with. Plan-B is to ask the admin on the server to create a process id for our group, although they are reluctant to do that due to churn.

td

Quote from: stanl on February 24, 2016, 08:52:21 AM
I cannot answer your question. For myself, I created a file_dns

Out of an abundance of ignorance and not as any kind of criticism,  you meant dsn and not dns?
"No one who sees a peregrine falcon fly can ever forget the beauty and thrill of that flight."
  - Dr. Tom Cade

stanl

Quote from: td on February 24, 2016, 11:03:41 AM
Out of an abundance of ignorance and not as any kind of criticism,  you meant dsn and not dns?

yes - I have dyslexai