Hi!
Since many years we are connecting to the SQL Server. Authentication is performed using Windows Authentication.
But now we need to specify the user and password for a special project in the connection string. So far no problem.
But we create a connection in the DBC, and logically the connection string is stored in this connection. And therefore also the user and the password in plain text.
Means with dbGetProp() this can be read out easily. Or from the outside with a Hex-Editor on the DBC. So this is a security hole!
Does anyone have an idea how to get around this?