ASP Connection with SQL 2000

Hi to all and sorry for my english.

I'm newbie in sql world.

I have installed SQL 2000 in Windows 2003 Server, i have create a simple database "testdb", a sample table "testtable" and populate it with some row.

After i have made an aspx page in a different Windows 2003 IIS server with this string connection:

MyConnection = New SqlConnection("server=nameofsqlserver;database=testdb;UID=sa;pwd= mysastrongpassword")

and all work fine (i can view a table with all record).

This is my question. Is correct to use SA account in aspx page? I think is not a "safety" solution!
If the answer is "no", which the correct and secure solution?

Thanks in advanced for any help and best regards.

Use another sql user with only privileges you want to allow.

Thanks Doug G,

but how i can create this new user and how i can assigne specified privileges?

I have tried to make this but without valid result.

Best regards.

hi,

open your enterprise manager, goto your database, then Security, then Logins.

Right Click and select new Login.

under the general tab, enter a login name and choose sql Server Authentication, and type in a good pw, then goto the ServerRoles, and Database Access tabs, and select the databases and roles for this new user.

Good luck!

Hi, nofriends

This is my problem!
Which are the correct roles?
Are dipendent from the action made in the aspx page?
Which correct if the aspx page read only the table and which correct if the aspx need to write to the table?

Thanks for this help.

Hi,

if you only want the user to read records then use the "db_datareader", and if you want the user to write to the database
then use "db_datawriter".

Hope this helps.

This is ok for Database Access Page, but for the server role?
I can leave any check box clear?

Thanks another time.