Solved

Password and Username

Posted on 2003-11-08
8
289 Views
Last Modified: 2010-05-01
I am using an ADO data control to connect to my MS SQL Database.
I use the following connection string:

Provider=sqloledb;Network Library=DBMSSOCN;Password=mama;Persist Security Info=True;User ID=sa;Data Source=127.0.0.1;Initial Catalog=master

Is it a good practise to specify the password and usename to my database as specified above. Will it cause my application to be not secure. Please include your suggestions, comments, examples and etc.

Your help is kindly appreciated.

Regards
Eugene
0
Comment
Question by:eugene007
  • 5
  • 3
8 Comments
 
LVL 3

Accepted Solution

by:
NBrownoh earned 35 total points
ID: 9709188
it depends on who has access to your computer and the databse.  If the computer or program is being used by people who you might not want to have authority to add/edit/delete records then i would password the databse.  If its just you or just poeple who are authorized to edit the databse then i wouldnt worry about it too much.

If you plan on having unauthed users running this program i wouldnt hard code the password in, i would prompt for it.
0
 

Author Comment

by:eugene007
ID: 9709208
If you were to prompt the use for the username and pws, how would u store it. will it be encrypted if it was stored in a variable, and the used  in:

Provider=sqloledb;Network Library=DBMSSOCN;Password=mama;Persist Security Info=True;User ID=sa;Data Source=127.0.0.1;Initial Catalog=master
0
 
LVL 3

Expert Comment

by:NBrownoh
ID: 9709217
just declare a private var in your routine that runs that sql query.  the only way anyone could touch it would be if you declared a global or stored it in a class module.  A private variable will be perfectly safe.
0
 

Author Comment

by:eugene007
ID: 9709220
My database is password protected just as stated bellow:

Provider=sqloledb;Network Library=DBMSSOCN;Password=mama;Persist Security Info=True;User ID=sa;Data Source=127.0.0.1;Initial Catalog=master
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 3

Expert Comment

by:NBrownoh
ID: 9709228
ok this is what i mean

Private Sub YourSub()
    Dim Pass As String
    TPass$ = InputBox("Please input a password to connect to the database.", "Password Prompt")
    If TPass$ <> "" And TPass$ <> "mama" Then
        Provider = "sqloledb;Network Library=DBMSSOCN;Password=mama;Persist Security Info=True;User ID=sa;Data Source=127.0.0.1;Initial Catalog=master"
    Else
        MsgBox "Your password was incorrect"
        Exit Sub
    End If
    'run the rest of your connection code here
End Sub
0
 

Author Comment

by:eugene007
ID: 9709230
Is there chances for someone to intercept the password and username on the network.
0
 
LVL 3

Expert Comment

by:NBrownoh
ID: 9709235
with that example there really wouldnt be, and in any sense who would be trying to intercept the message?  I would be worried more about the database being hacked rather than someone trying to pull it out of a sub that runs for a fraction of a second.
0
 
LVL 3

Expert Comment

by:NBrownoh
ID: 9709262
glad i could help you out :)
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When trying to find the cause of a problem in VBA or VB6 it's often valuable to know what procedures were executed prior to the error. You can use the Call Stack for that but it is often inadequate because it may show procedures you aren't intereste…
If you need to start windows update installation remotely or as a scheduled task you will find this very helpful.
As developers, we are not limited to the functions provided by the VBA language. In addition, we can call the functions that are part of the Windows operating system. These functions are part of the Windows API (Application Programming Interface). U…
Get people started with the utilization of class modules. Class modules can be a powerful tool in Microsoft Access. They allow you to create self-contained objects that encapsulate functionality. They can easily hide the complexity of a process from…

930 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now