|
-
Nov 1st, 2002, 07:35 AM
#1
Thread Starter
Fanatic Member
 Security Access. Any Help?
My App need to CONNECT to a Server(SQL). I need to KNOW the user and password in order to connect to the DATABASE. The Question is:
1. If i know the USER AND PASSWORD Where is the "SECURITY"?
2. How can i connect to a database calling the user and the password without Knowing ? I meant, if there is a way to have the user and password on a file(script of course) or anyother way?
-
Nov 1st, 2002, 11:33 AM
#2
PowerPoster
in DAO:
dim db as database
Set db = DBEngine.Workspaces(0).OpenDatabase("C:\DATABASES\Database.MDB", False, False, ";pwd =fred;")
in ADO
dim CnXn as ADODB.Connection
Set Cnxn = New ADODB.Connection
strCnxn = "Provider=Microsoft.Jet.OLEDB.4.0;Jet OLEDB atabase Password =condon;Data Source=C:\DATABASES\Database.mdb;Jet OLEDB:Engine Type=4;"
Cnxn.Open strCnxnTech
-
Nov 1st, 2002, 11:34 AM
#3
PowerPoster
Last line should read:
Cnxn.Open strCnxn
-
Nov 5th, 2002, 06:47 AM
#4
Thread Starter
Fanatic Member
Yes, my friend i agree with you. but i still know the password and the user. What i need i to GET the password and the user from somewhere as a variable and pass those values to SQL or ANY DATABASE, but without KNOWING THE VALUES.
Is that possible?
Should I have to have those values always on my program or on a INI FILES?
-
Nov 5th, 2002, 07:31 AM
#5
Fanatic Member
I would recommend storing those values in the registry. Then just read the registry at startup and store the values in a global variable.
Here are some links to show you how:
Using GetSetting/SaveSetting
Using API
Chris
Master Of My Domain
Got A Question? Look Here First
-
Nov 5th, 2002, 09:01 AM
#6
PowerPoster
I find the problem with storing that data in the registry is that by using regedit, you can see the "secure" data.
By having it in my source code, I control who can see it (nobody but me).
-
Nov 5th, 2002, 11:42 AM
#7
Fanatic Member
If you encrypt the data in the registry, it shouldn't be a problem. I would rather use the registry to store this data than an INI file as end-users are most likely more comfortable with using Windows Explorer (if the O/S is Windows based) than using regedit.
If you always want to log on using the same ID, and you know there is no chance that that ID will be dropped, then you could probably go ahead and hard code the ID and password in your app.
Chris
Master Of My Domain
Got A Question? Look Here First
-
Nov 5th, 2002, 11:52 AM
#8
Addicted Member
How is your program running? If it is interactive, prompt the user for his/her name and password. If it is scheduled, schedule using a windows NT/2000 account, and give that account access to SQL Server.
Or you could store in the registery, but definetly encrypt the password.
Wydok
"It would appear that we have reached the limits of what it is possible to achieve with computer technology, although one should be careful with such statements, as they tend to sound pretty silly in 5 years."
-John Von Neumann ca. 1949
-
Nov 5th, 2002, 04:08 PM
#9
Member
Encryption
If you are looking at Encrypting I found this thread posted in General VB Questions which may be of help for you
http://www.vbforums.com/showthread.p...hreadid=211187
-
Nov 5th, 2002, 07:34 PM
#10
PowerPoster
Yo no need for all that jazz.
It's an SQL server db...
VB Code:
cn.Provider = "sqloledb"
cn.Properties("Prompt") = adPromptAlways
cn.Open "Data Source=TheServerName;" & _
"Initial Catalog=TheDatabaseName"
This will prompt for username and password.
That way you dont code it, it's up to the user.
Else you ask them to enter it in a login form.
good luck
b 
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|
Reply With Quote