Password and Username

I am using an ADO data control to connect to my MS SQL Database.
I use the following connection string:

Provider=sqloledb;Network Library=DBMSSOCN;Password=mama;Persist Security Info=True;User ID=sa;Data Source=127.0.0.1;Initial Catalog=master

Is it a good practise to specify the password and usename to my database as specified above. Will it cause my application to be not secure. Please include your suggestions, comments, examples and etc.

Your help is kindly appreciated.

Regards
Eugene
eugene007Asked:
Who is Participating?
 
NBrownohCommented:
it depends on who has access to your computer and the databse.  If the computer or program is being used by people who you might not want to have authority to add/edit/delete records then i would password the databse.  If its just you or just poeple who are authorized to edit the databse then i wouldnt worry about it too much.

If you plan on having unauthed users running this program i wouldnt hard code the password in, i would prompt for it.
0
 
eugene007Author Commented:
If you were to prompt the use for the username and pws, how would u store it. will it be encrypted if it was stored in a variable, and the used  in:

Provider=sqloledb;Network Library=DBMSSOCN;Password=mama;Persist Security Info=True;User ID=sa;Data Source=127.0.0.1;Initial Catalog=master
0
 
NBrownohCommented:
just declare a private var in your routine that runs that sql query.  the only way anyone could touch it would be if you declared a global or stored it in a class module.  A private variable will be perfectly safe.
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

 
eugene007Author Commented:
My database is password protected just as stated bellow:

Provider=sqloledb;Network Library=DBMSSOCN;Password=mama;Persist Security Info=True;User ID=sa;Data Source=127.0.0.1;Initial Catalog=master
0
 
NBrownohCommented:
ok this is what i mean

Private Sub YourSub()
    Dim Pass As String
    TPass$ = InputBox("Please input a password to connect to the database.", "Password Prompt")
    If TPass$ <> "" And TPass$ <> "mama" Then
        Provider = "sqloledb;Network Library=DBMSSOCN;Password=mama;Persist Security Info=True;User ID=sa;Data Source=127.0.0.1;Initial Catalog=master"
    Else
        MsgBox "Your password was incorrect"
        Exit Sub
    End If
    'run the rest of your connection code here
End Sub
0
 
eugene007Author Commented:
Is there chances for someone to intercept the password and username on the network.
0
 
NBrownohCommented:
with that example there really wouldnt be, and in any sense who would be trying to intercept the message?  I would be worried more about the database being hacked rather than someone trying to pull it out of a sub that runs for a fraction of a second.
0
 
NBrownohCommented:
glad i could help you out :)
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.