Where can I find RMS database security information?

The database is SQL Server, either 2005 0r 2005. In most cases it will be the free editions (MSDE for SQL 2000 or SQL Server Express Edition for SQL 2005).

If you are connecting without a user name & password on your local install, you have probably configured your copy of SQL with Windows Authentication. RMS Uses Mixed Mode Authentication (it's an install option of SQL Server.)

If you are using QSRules methods to access the database, then the session object has already connected to the DB for you and you don't need a password.

If you are creating your own connection in code, then it is just SQL Server and you can find mountains of documentation and code samples at

Glenn Adams Tiber Creek C> I have developed a custom application for our company that automatically

Thanks Glenn, that helps a lot. I went back and you were right. It was using Windows authentication.

How does RMS connect to the database? What user account does it use, if any?

In our envirnment virtually no one knows their sa password. I am hoping that there is a way to setup a user account from RMS that I can then use for my app to connect directly to their databases.

Maybe I am making this harder than it really is. My fundamental question is: What is the normal security stategy that programmer's would use to connect a third party app to a RMS database?

Todd

RMS uses the database connection as defined in Store Operations Administrator, File/Configuration.

As far as add-ins, it depends on the add-in...

If you are creating a 'hook' type add-in that is meant to fire when an event occurs in POS, you would typically use methods of the session object to do your data access using the same connection as RMS.

If you are creating a stand alone application (say an item creation tool), you would generally provide your own interface for entering connection information; you cannot use the connection defined by SO Administrator as it is encrypted and MS has not provided decryption documentation.

Glenn Adams Tiber Creek C> Thanks Glenn, that helps a lot. I went back and you were right. It was

Glen,

Thank you very much for your reply. This is very usefull and very hard to find information!

I've already created a UI in my external app that allows the user to enter login information and I can connect and run my queries just fine in my test envirnment. I'm just worried about our users not knowing their sa password since they have not used it since the set everything up. We'll see how it goes when we get out to the real world!

Thanks again,

Todd

Jim, I would sincerely doubt that until RMS 3.0 comes out next year we will see this type of functionality.

Oh, it's not a matter of functionality. The info is there in the registry and can be read via code, but the key values are in an encrypted string. So all they have to do is give the decryption scheme to be able to unscramble the connection info. But good old MS is good to stay tight lipped about that stuff.

The silly part is that > Jim,

Sorry Jim, let me clarify what I meant. Microsoft has told us that when they finally release the API there will be a function to return and/or update the connection information. It is my understanding they will not release the decryption cipher. We too have had to resort to creating our own connection repository for our customization, though as you said we have to encrypt them as well for security sake.

This is all very important info for me so please continue to update as new info becomes available.

I have now deployed my application a couple of times and both times the sa password has been blank (its ironic but it seems to me that as MS adds more security things are actually becoming less secure).

My backup plan, if the sa password is not blank, is to change it and then update the connection info in RMS. I've tried this in my test envirnment and it worked fine. Here is how I did it (found on internet).

************************************************ Forgot or lost your sa password? Don't worry, there is a way out :)

Login to the SQL Server computer as the Administrator of that computer. Open Query Analyzer and connect to SQL Server using Windows NT authentication. Run sp_password as shown below to reset the sa password:

sp_password @new = 'will_never_forget_again', @loginame = 'sa'

************************************************

Just make sure that you know of all the applications using that login and that you update all of their connections.

Todd

"Ryan @ RITE" wrote: