Level Extreme platform
Subscription
Corporate profile
Products & Services
Support
Legal
Français
SQL Server DBC Connection Passwort
Message
From
12/09/2023 09:51:48
Dragan Nedeljkovich (Online)
Now officially retired
Zrenjanin, Serbia
 
 
To
12/09/2023 09:46:24
Lutz Scheffler (Online)
Lutz Scheffler Software Ingenieurbüro
Dresden, Germany
General information
Forum:
Visual FoxPro
Category:
Client/server
Title:
Re: SQL Server DBC Connection Passwort
Miscellaneous
Thread ID:
01687045
Message ID:
01687047
Views:
57
>>Hi!
>>
>>Since many years we are connecting to the SQL Server. Authentication is performed using Windows Authentication.
>>But now we need to specify the user and password for a special project in the connection string. So far no problem.
>>But we create a connection in the DBC, and logically the connection string is stored in this connection. And therefore also the user and the password in plain text.
>>Means with dbGetProp() this can be read out easily. Or from the outside with a Hex-Editor on the DBC. So this is a security hole!
>>Does anyone have an idea how to get around this?
>
>Is there any chance to hand pwd and user as a variable to the connection?

I doubt it. The one thing I remember about connection stored in a dbc is that it's unwieldy, unmovable and you can't change it programmatically, you must use the editor.

So... why not a connection string? It can be stored in an encrypted textfile and decrypted from inside the app. I've seen this done and it was in an environment very careful about security.
back to same old
the first online autobiography, unfinished by design
What, me reckless? I'm full of recks!
Balkans, eh? Count them.
Previous
Next
Reply
Map
View

Click here to load this message in the networking platform