Hi Dragan,
Connections can be easily created by Create Connection and can be modified by dbsetprop(). That's not the Problem ;)
We use partly Remote Views, and the remote views are using the Connection, which ist stored in the DBC...
>>>Hi!
>>>
>>>Since many years we are connecting to the SQL Server. Authentication is performed using Windows Authentication.
>>>But now we need to specify the user and password for a special project in the connection string. So far no problem.
>>>But we create a connection in the DBC, and logically the connection string is stored in this connection. And therefore also the user and the password in plain text.
>>>Means with dbGetProp() this can be read out easily. Or from the outside with a Hex-Editor on the DBC. So this is a security hole!
>>>Does anyone have an idea how to get around this?
>>
>>Is there any chance to hand pwd and user as a variable to the connection?
>
>I doubt it. The one thing I remember about connection stored in a dbc is that it's unwieldy, unmovable and you can't change it programmatically, you must use the editor.
>
>So... why not a connection string? It can be stored in an encrypted textfile and decrypted from inside the app. I've seen this done and it was in an environment very careful about security.