Add User / Password to ADO Connection String


VB6(sp5) ADO

How do I add a User and Password to an ADO conncetion string to open a MS Access databse? Any pitfalls I should be aware of?

Also, is there a way for a person to see this password when the application is comipled into an .exe file?


Who is Participating?
mdouganConnect With a Mentor Commented:
Here is an example of the Encrypt routine:

Private Sub Command1_Click()
Static bEncrypt As Boolean

    If Not bEncrypt Then
        bEncrypt = True
        bEncrypt = False
    End If
    Text1.Text = Encrypt(Text1.Text, bEncrypt)

End Sub

Public Function Encrypt(ByVal sSource As String, bEncrypt As Boolean)
    Dim Letter As String
    Dim i As Integer
    For i = 1 To Len(sSource)
        Letter = Mid$(sSource, i, 1)
        If bEncrypt Then
            Mid$(sSource, i, 1) = Chr(Asc(Letter) - 7)
            Mid$(sSource, i, 1) = Chr(Asc(Letter) + 7)
        End If
    Next i
    Encrypt = sSource
End Function
Is it the "Database Password" you are refering to, or is it the password associated with a particular user?  In Access, you can go into the section that allows you to define users and give them passwords.  But, there is also a place where you can go to assign a database password that is separate from the user passwords, and the syntax is different, I think.

If it's the database password, then simply try putting


in your connect string.

You are correct in being concerned about someone being able to possibly browse the password in the EXE.  Most String literals are kept in a particular spot in the EXE and anyone can browse the EXE in a hex editor and read many of the string literals.

One technique I use is to lightly encrypt the string literal and then de-encrypt it when I actually go to use it.  So, your code might look like:

Const CONN_STRING = "!@%$#ft^....."

CN.ConnectString = DeEncrypt(CONN_STRING)

The way that I lightly encrypt/de-encrypt strings is to have a routine that converts each letter of the string into it's ASCII value, and then it subtracts some constant number, like 8 or 9 from the ascii value, then converts the result back to a character.  To de-Encrypt something, you simply do the same thing, but add the same constant number to the ASCII value.

So, I usually have a procedure called Encrypt that takes a boolean flag for whether you're trying to encrypt or de-encrypt, and depending on the flag, you either subtract or add the constant number respectively.

I said that this lightly encrypts the text.  That means that if any casual user was browsing the EXE they wouldn't be able to read any recognizable text.  If someone was pretty knowledgeable about cryptography, they might be able to find the string associated with your connect string, and then one of the first things they would try is this simple ascii manipulation.  So, if you're guarding important secrets this isn't the best approach.  But, if you want to foil 99.8 percent of your users out there, I think this works fine.
'connection to secure database
Dim Cnn As ADODB.Connection
Dim Rst As ADODB.Recordset

'In the place where you want to establish your connection, such
'as the Initialize event of a class module, enter the following:

Dim strConnect As String
Set Cnn = New ADODB.Connection

'Substitute your own User IDs, Password, Data Source, and System
'database in the connection string below
    strConnect = "Provider=Microsoft.Jet.OLEDB.4.0;" & _
        "Password=MyPassword;User ID=Administrator;" & _
        "Data Source=C:\AccessDBs\DB1.mdb;" & _
        "Persist Security Info=True;" & _
        "Jet OLEDB:System database=C:\AccessDBs\system.mdw"

    With Cnn
        .CursorLocation = adUseClient
        .Open strConnect
    End With
    Set Rst = New ADODB.Recordset
    Rst.ActiveConnection = Cnn      
Cloud Class® Course: Microsoft Exchange Server

The MCTS: Microsoft Exchange Server 2010 certification validates your skills in supporting the maintenance and administration of the Exchange servers in an enterprise environment. Learn everything you need to know with this course.

try out this code,but you should first have a table with the password and username fileds in your database.The username or password you enter should be the one in the database.

Private Sub Login_Click()
Dim found As Boolean
On Error GoTo errhandler

found = False

If (Username <> "") And (Password <> "") Then
Set DB = OpenDatabase("Yuor database.mdb")
Set RS = DB.OpenRecordset("Your table")
End If
Do While (RS!Password <> "") And (Not found)
If (RS!Username = Username.Text) And (RS!Password = Password.Text) Then
found = True
End If
If found Then

Login.Visible = False
Here load the form you are logging in
Load YourForm
End If
Set RS = Nothing

Exit Sub

'if password or username not in db then error message is  displayed
If Err = 3021 Then
MsgBox "Incorrect Username or Password,Try one's the system recognises..." & "Consult system administrator if having problem logging on...", vbExclamation
Exit Sub
End If
End Sub

8 open questions, all of which need your attention.  ADMINISTRATION WILL BE CONTACTING YOU SHORTLY.  Moderators Computer101, Netminder or Mindphaser will return to finalize these if they are still open in 7 days.  Experts, please post closing recommendations before that time.

Below are your open questions as of today.  Questions which have been inactive for 21 days or longer are considered to be abandoned and for those, your options are:
1. Accept a Comment As Answer (use the button next to the Expert's name).
2. Close the question if the information was not useful to you, but may help others. You must tell the participants why you wish to do this, and allow for Expert response.  This choice will include a refund to you, and will move this question to our PAQ (Previously Asked Question) database.  If you found information outside this question thread, please add it.
3. Ask Community Support to help split points between participating experts, or just comment here with details and we'll respond with the process.
4. Delete the question (if it has no potential value for others).
   --> Post comments for expert of your intention to delete and why
   --> YOU CANNOT DELETE A QUESTION with comments; special handling by a Moderator is required.

For special handling needs, please post a zero point question in the link below and include the URL (question QID/link) that it regards with details.
Please click this link for Help Desk, Guidelines/Member Agreement and the Question/Answer process.

Click you Member Profile to view your question history and please keep them updated. If you are a KnowledgePro user, use the Power Search option to find them.  

Questions which are LOCKED with a Proposed Answer but do not help you, should be rejected with comments added.  When you grade the question less than an A, please comment as to why.  This helps all involved, as well as others who may access this item in the future.  PLEASE DO NOT AWARD POINTS TO ME.

To view your open questions, please click the following link(s) and keep them all current with updates.

To view your locked questions, please click the following link(s) and evaluate the proposed answer.

*****  E X P E R T S    P L E A S E  ******  Leave your closing recommendations.
If you are interested in the cleanup effort, please click this link 
POINTS FOR EXPERTS awaiting comments are listed in the link below
Moderators will finalize this question if in @7 days Asker has not responded.  This will be moved to the PAQ (Previously Asked Questions) at zero points, deleted or awarded.
Thanks everyone.
Moderator @ Experts Exchange
ADawnAuthor Commented:
I'll try this...
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.