>>>Hi!
>>>
>>>Since many years we are connecting to the SQL Server. Authentication is performed using Windows Authentication.
>>>But now we need to specify the user and password for a special project in the connection string. So far no problem.
>>>But we create a connection in the DBC, and logically the connection string is stored in this connection. And therefore also the user and the password in plain text.
>>>Means with dbGetProp() this can be read out easily. Or from the outside with a Hex-Editor on the DBC. So this is a security hole!
>>>Does anyone have an idea how to get around this?
>>
>>Is there any chance to hand pwd and user as a variable to the connection?
>
>I doubt it. The one thing I remember about connection stored in a dbc is that it's unwieldy, unmovable and you can't change it programmatically, you must use the editor.
>
>So... why not a connection string? It can be stored in an encrypted textfile and decrypted from inside the app. I've seen this done and it was in an environment very careful about security.

You can change anything with a program, finally it's some bytes in a table (DBC). Only playing with it ends up low level, since I guess it's stored in the memo file - and altering the memo mid-level (iow replace or memo specific) creates a trace. (high level would be DBC specific command and in no way better) So this is no way to go.

Is there no way to use SQLCONNECT( ) function and use the handle returned?

I'm not very deep in SQL Server in special not VFP and MS SQL, I only create ideas.