>Hi!
>
>Since many years we are connecting to the SQL Server. Authentication is performed using Windows Authentication.
>But now we need to specify the user and password for a special project in the connection string. So far no problem.
>But we create a connection in the DBC, and logically the connection string is stored in this connection. And therefore also the user and the password in plain text.
>Means with dbGetProp() this can be read out easily. Or from the outside with a Hex-Editor on the DBC. So this is a security hole!
>Does anyone have an idea how to get around this?
Is there any chance to hand pwd and user as a variable to the connection?
Words are given to man to enable him to conceal his true feelings.
Charles Maurice de Talleyrand-Périgord
Weeks of programming can save you hours of planning.
OffThere is no place like [::1]