Plateforme Level Extreme
Abonnement
Profil corporatif
Produits & Services
Support
Légal
English
SQL Server DBC Connection Passwort
Message
De
12/09/2023 09:51:48
Dragan Nedeljkovich
Now officially retired
Zrenjanin, Serbia
 
 
À
12/09/2023 09:46:24
Lutz Scheffler
Lutz Scheffler Software Ingenieurbüro
Dresden, Allemagne
Information générale
Forum:
Visual FoxPro
Catégorie:
Client/serveur
Titre:
Re: SQL Server DBC Connection Passwort
Divers
Thread ID:
01687045
Message ID:
01687047
Vues:
58
>>Hi!
>>
>>Since many years we are connecting to the SQL Server. Authentication is performed using Windows Authentication.
>>But now we need to specify the user and password for a special project in the connection string. So far no problem.
>>But we create a connection in the DBC, and logically the connection string is stored in this connection. And therefore also the user and the password in plain text.
>>Means with dbGetProp() this can be read out easily. Or from the outside with a Hex-Editor on the DBC. So this is a security hole!
>>Does anyone have an idea how to get around this?
>
>Is there any chance to hand pwd and user as a variable to the connection?

I doubt it. The one thing I remember about connection stored in a dbc is that it's unwieldy, unmovable and you can't change it programmatically, you must use the editor.

So... why not a connection string? It can be stored in an encrypted textfile and decrypted from inside the app. I've seen this done and it was in an environment very careful about security.
back to same old
the first online autobiography, unfinished by design
What, me reckless? I'm full of recks!
Balkans, eh? Count them.
Précédent
Suivant
Répondre
Fil
Voir

Click here to load this message in the networking platform