Security issue with OWC11 and Frontpage 2003

[James]

I have Analysis Services 2000 SP3a running on a server
called MYSERVER.
On a client workstation, in the same domain as the server,
I am developing a page using Frontpage 2003 where I
include a Pivot Table control, OWC version 11.0.0.5531.

The MDAC version on the client is 2.7 SP1.
The MDAC version on the server is also 2.7 SP1.

The page containing the OWC is in a "disk web site", on
the local disk of the workstation. When I open the page in
Frontpage, I get "This Website uses a data provider that
may be unsafe. If you trust the Website, click OK,
otherwise click Cancel."
Question 1: which data provider is that? Which Website,
workstation or server?

Then when I want to preview the page, I get "Safety
settings on this machine prohibit accessing a data source
on another domain". And yet I have included
http://MYSERVER in the list of trusted sites in Internet
Explorer (6.0 SP1) on my workstation.

The connection string in the OWC11 is:
<x:ConnectionString>Provider=MSOLAP.2;Data
Source=http://heras07;Initial Catalog=Catalog;Client Cache
Size=25;Auto Synch Period=10000<x:ConnectionString>

When I open a copy of the page on the server, it works
fine. But I don't want to develop on the server.
I've also tried to work with the server copy of the page
as a "remote web site" in Frontpage from my workstation;
same problem.

This didn't happen with Frontpage 2002, OWC10 as long as
http://MYSERVER was in the list of trusted sites.

Any ideas??

 

[Wei-Dong Xu [MSFT]]

Hi James,

Very good question!

Based on my experience, these warning message is to alert you about the plain text connection string to the data source. One web user will be very
easy to check these strings when he opens the page source so that the warning appears for you.

For more information and the configuration on this issue, I'd suggest you can search the Office2003 PivotTable component help with the keyword:
"About making connections to external data sources more secure". This article will help you a lot on how to set the external data source.

Please feel free to let me know if you have any questions.

Does this answer your question? Thank you for using Microsoft NewsGroup!

Wei-Dong Xu
Microsoft Product Support Services
Get Secure! - www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.

 

[James]

I seem to have found a workaround: on the client, I set
the OWC connection to integrated security (Data
Source=MYSERVER;Integrated Security=SSPI). This way, I can
design the control the way I want.

When I deploy the page on MYSERVER, I set the OWC
connection string to "Data Source=http://MYSERVER" and no
integrated security so that users that are not part of the
domain can use the page.

It seems to work.

 

[Wei-Dong Xu [MSFT]]

Hi James,

Thank you for replying!

We have created one frontpage newsgroup for you. For more information, you can also post this issue in that thread. These Frontpage experts may
provide more assistance for you. Please go to:
Microsoft.public.frontpage.programming

Thank you once more for using Microsoft NewsGroup!

Wei-Dong Xu
Microsoft Product Support Services
Get Secure! - www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.