Newbie Question: DNS Connection Strings 2259
-
After an informal audit it was determined we had a potential material weakness that I do not understand and I am looking for some guidance.
We have an MS Access database front end with linked tables to a 2005 SQL Server backend. The DNS connection in the ODBC does have generic logins, which can be fixed, however I was informed we need to move to a DSN less connection in order to be compliant. That does not make sense to me, is there any guidance or documentation concerning SOX compliance with ODBC connections?
-
Hi Naomi and welcome to the forums
Within SOX 404, you won’t find this specifically stated, as it’s written at high-level and generically, so that management must set up an environment of self-regulation. As part of this, SOX external auditors participate and scrutinize controls so that IT financial systems are safeguarded. COBIT 4.0 controls are often used as checklists and guidelines.
After some quick research, I can see why this is prefered as noted below (e.g., we don’t use Access in PROD that I’m aware of). Instead of having this information in a file or Windows registry, the DNS-less approach isolates specific DB information more so from the user – although it’s highly unlikely folks would explore this type of information unless they were very technically savy. To me, the DSN-less approach seems slightly more secure and it may not be too difficult for the technical staff to setup and test out.
DSN-Less ODBC simply means that instead of storing connection information (like server, database, etc.) in a file or the Windows Registry, you have plunked them into a connect string , which is then associated with some data object, like an Access linked table.
Below are several resources found … As we’re not supposed to use direct links in the forums, please cut/paste these URLs to your browser.
Good luck
DSN Connection Strings in General
http-and-#58;//www.google.com/search?hl=en-and-q=odbc dsn connection string
http-and-#58;//www.carlprothman.net/Default.aspx?tabid=90
http-and-#58;//www.connectionstrings.com/?carrier=sqlserver
DSN-less Connection Strings in General
http-and-#58;//www.google.com/search?hl=en-and-q=odbc DSNless connection string
http-and-#58;//forums.globalscape.com/tm.aspx?m=5172
http-and-#58;//www.shocknet.org.uk/defpage.asp?pageID=55
BEST ARTICLES BELOW
http-and-#58;//www.databasejournal.com/features/mssql/article.php/1491011
http-and-#58;//www.aspemporium.com/support.aspx?PRB033
http-and-#58;//www.asp101.com/articles/john/connstring/default.asp
-
P.S. Below is a link for the free COBIT standards. It requires you to register, but once you establish a member ID you can download subsequent releases as I saw COBIT 4.1 is now available.
http://www.sarbanes-oxley-forum.com/modules.php?name=Forums-and-file=viewtopic-and-t=1920