Avoiding password when accessing database.?

I'm wondering if its possible to add the ID and Password to a link so our user wouldn't have to enter it. Right now we put the ID and PW right beside the link but its kind of dumb.


Its a website. Our customer from around the world get access with their own private ID and PW. Then they get access to several database but some of them ask us a 2nd level of security by adding another ID/PW.

1 Answer

  • 1 decade ago
    Favorite Answer

    You're not saying what DBMS is being used (MS SQL, MySQL, MS Access, PostgreSQL, Oracle???), or how the database is being accessed (web page, application, Excel sheet, DBMS front end???) or where (internet, intranet, file sharing over a network???)

    If it's a web page, and you have access to the DBMS *and* you have admin rights on the DB, create a single user in it with the required permissions, and have the web page connect to the DB using the right connection string (including the username and password of the user you created)

    If it's a file system access database on a network, add the users who need access to a group, add the group to the database, and have the users connect through what is called a "trusted connection".


    So let me get this straight... there's a regular access system set up, and your client wants an extra layer of security...

    ... and you place the username and password for that extra layer on the page? Whistle me back if I'm wrong...

    Anyway - web-accessed databases that do *not* reside on an intranet can only have *one* layer of security... you may have different *levels* and multiple logins... but an internet website database can only have one user, which is the user setup as the dbo.datareader / datawriter used by the web page scripts. All other access is usually done with a login system that has user information stored inside the database (or in a secondary database), and a plain HTML login form.

    I'm afraid I fail to understand how a second layer of security can be added on an internet application... other than asking for - as you've obviously done - a second login for verification purposes... and why not simply email them to the client *once*, so that they're not obviously *there* on the web page, defeating all security it could possible have to offer.

    There's no way to embed login information, unless you place the info inside a in the link to the page that the link points to - but that would probably require rewriting the page to accept plain text info from both a form and the querystring...

    http://www.site.com /protectpage.asp?user=[ username ]&password=[ user password ]

    Seems like an exercise in futility to me...

    Source(s): I'm a professional intranet web application programmer.
    • Commenter avatarLogin to reply the answers
Still have questions? Get your answers by asking now.