Security Restrictions Using ADO

  • Article

Some operations are considered unsafe when calling the OLE DB Provider for Internet Publishing from ADO because they would be a security risk to the client computer. The basic restriction is that the OLE DB Provider for Internet Publishing will disallow any operation against a Web server other than the one from which the HTML page was accessed. This prevents an ASP page from accessing secure data on the client computer.

Specifically, the following operations will fail with DB_SEC_E_SAFEMODE_DENIED:

  • Copy or Move between servers
  • Copy, Move, or Delete where one or more of the URLs specified begins with a file://
  • Delete a URL on a different server than the one that served up the page
  • IBindResource::Bind or ICreateRow::CreateRow to a URL on a server other than the one that served up the page (otherwise you can bind to server A, read, bind to server B, write)
  • IOpenRowset::OpenRowset with a pTableID containing a URL on a server other than the one that served up the page