Hi Antonio!
Thx for your reply! You never stop learning ;)
>Jörg,
>
>You can override the connection string stored in the database by specifying a different CONNSTRING when USEing a remote view.
>
>
>USE YourRemoteView CONNSTRING "a connection string that you can decrypt on the fly"
>
>
>The connection string can also be a numeric handle referencing an ODBC connection as returned by an SQL*CONNECT() function.
>
>
>>Hi Dragan,
>>
>>Connections can be easily created by Create Connection and can be modified by dbsetprop(). That's not the Problem ;)
>>
>>We use partly Remote Views, and the remote views are using the Connection, which ist stored in the DBC...
>>
>>>>>Hi!
>>>>>
>>>>>Since many years we are connecting to the SQL Server. Authentication is performed using Windows Authentication.
>>>>>But now we need to specify the user and password for a special project in the connection string. So far no problem.
>>>>>But we create a connection in the DBC, and logically the connection string is stored in this connection. And therefore also the user and the password in plain text.
>>>>>Means with dbGetProp() this can be read out easily. Or from the outside with a Hex-Editor on the DBC. So this is a security hole!
>>>>>Does anyone have an idea how to get around this?
>>>>
>>>>Is there any chance to hand pwd and user as a variable to the connection?
>>>
>>>I doubt it. The one thing I remember about connection stored in a dbc is that it's unwieldy, unmovable and you can't change it programmatically, you must use the editor.
>>>
>>>So... why not a connection string? It can be stored in an encrypted textfile and decrypted from inside the app. I've seen this done and it was in an environment very careful about security.