Plateforme Level Extreme
Abonnement
Profil corporatif
Produits & Services
Support
Légal
English
Hiding ODBC password in connection
Message
 
À
09/10/2003 09:39:50
Larry Long
ProgRes (Programming Resources)
Georgie, États-Unis
Information générale
Forum:
Visual FoxPro
Catégorie:
Client/serveur
Divers
Thread ID:
00836614
Message ID:
00837200
Vues:
25
The problem here is that we have 100s of users at some sites so we rarely get the opportunity to open the DBC exclusively.

Cheers
Mike

>If you open the database and then "MODI PROC" and add the code below, then turn on the database events (MODI DATA -> RIGHT-CLICK ->PROPERTIES), the code below should work...except that I think there's a bug in VFP 8 sp1 (see thread #836767) that essentially makes this code inop.
>
>PROCEDURE dbc_CloseData(cDatabaseName, lAll)
>*Before DBC is closed. Return .F. to prevent DBC from being closed.
>IF pPACKDATABASE(cDatabaseName)
> =MESSAGEBOX('PACKED') &&FOR TESTING
>ELSE
> =MESSAGEBOX('NOT PACKED') &&FOR TESTING
>ENDIF
>ENDPROC
>
>PROCEDURE pPACKDATABASE
>LPARAMETERS cDatabaseName
>LOCAL is_error, lcERR_Proc
>STORE ON('error') TO lcERR_Proc
>ON ERROR is_error=.T.
>OPEN DATABASE (cDatabaseName) EXCL
>IF NOT is_error
> PACK DATA
>ENDIF
>ON ERROR &lcERR_Proc
>RETURN(NOT is_error)
>
>>>One way would be to encrypt the connection string and save it to the registry. Then, when you need it, just read it from the registry and de-crypt.
>>>
>>>>We have an application that needs to connect to an ODBC datasource using a DBC connection which is shared by DBC remote views. We don't want to store the ODBC password in the DBC as this would allow users with read only access to the DBC to see the password.
>>>>
>>>>We have been holding an encrypted version of the password in a file and the when the application connects to the database we modify the DBC connection to put in the password, make the connection and then modify the DBC connection again to blank out the password.
>>>>
>>>>This approach has 2 problems:-
>>>>
>>>>1. It creates deleted records in the dbc which lead to file bloat.
>>>>2. Some users have discovered they can open the DBC as a text file and see the deleted records and therefore the password!
>>>>
>>>>Does anyone have a better means of making a remote connection but keeping the password secure?
>>>>
>>>>TIA
>>This is effectively what we do now - the problem lies in having to save the unencrypted password into the connection in the DBC at the time of opening so that we can share the connection in remote views.
>>
>>When the connection in the DBC is updated in this way it creates a new record everytime with the old sitting as a deleted record in the dbc.
---------------------------
Mike Boulton
WST Pacific Pty Ltd
65 Henley Beach Road
Mile End, South Australia 5031
Tel: +61 8 8150 5500
Web: www.wstpacific.com.au
Précédent
Suivant
Répondre
Fil
Voir

Click here to load this message in the networking platform