Solved

Password and Username

Posted on 2003-11-08
8
299 Views
Last Modified: 2010-05-01
I am using an ADO data control to connect to my MS SQL Database.
I use the following connection string:

Provider=sqloledb;Network Library=DBMSSOCN;Password=mama;Persist Security Info=True;User ID=sa;Data Source=127.0.0.1;Initial Catalog=master

Is it a good practise to specify the password and usename to my database as specified above. Will it cause my application to be not secure. Please include your suggestions, comments, examples and etc.

Your help is kindly appreciated.

Regards
Eugene
0
Comment
Question by:eugene007
  • 5
  • 3
8 Comments
 
LVL 3

Accepted Solution

by:
NBrownoh earned 35 total points
ID: 9709188
it depends on who has access to your computer and the databse.  If the computer or program is being used by people who you might not want to have authority to add/edit/delete records then i would password the databse.  If its just you or just poeple who are authorized to edit the databse then i wouldnt worry about it too much.

If you plan on having unauthed users running this program i wouldnt hard code the password in, i would prompt for it.
0
 

Author Comment

by:eugene007
ID: 9709208
If you were to prompt the use for the username and pws, how would u store it. will it be encrypted if it was stored in a variable, and the used  in:

Provider=sqloledb;Network Library=DBMSSOCN;Password=mama;Persist Security Info=True;User ID=sa;Data Source=127.0.0.1;Initial Catalog=master
0
 
LVL 3

Expert Comment

by:NBrownoh
ID: 9709217
just declare a private var in your routine that runs that sql query.  the only way anyone could touch it would be if you declared a global or stored it in a class module.  A private variable will be perfectly safe.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:eugene007
ID: 9709220
My database is password protected just as stated bellow:

Provider=sqloledb;Network Library=DBMSSOCN;Password=mama;Persist Security Info=True;User ID=sa;Data Source=127.0.0.1;Initial Catalog=master
0
 
LVL 3

Expert Comment

by:NBrownoh
ID: 9709228
ok this is what i mean

Private Sub YourSub()
    Dim Pass As String
    TPass$ = InputBox("Please input a password to connect to the database.", "Password Prompt")
    If TPass$ <> "" And TPass$ <> "mama" Then
        Provider = "sqloledb;Network Library=DBMSSOCN;Password=mama;Persist Security Info=True;User ID=sa;Data Source=127.0.0.1;Initial Catalog=master"
    Else
        MsgBox "Your password was incorrect"
        Exit Sub
    End If
    'run the rest of your connection code here
End Sub
0
 

Author Comment

by:eugene007
ID: 9709230
Is there chances for someone to intercept the password and username on the network.
0
 
LVL 3

Expert Comment

by:NBrownoh
ID: 9709235
with that example there really wouldnt be, and in any sense who would be trying to intercept the message?  I would be worried more about the database being hacked rather than someone trying to pull it out of a sub that runs for a fraction of a second.
0
 
LVL 3

Expert Comment

by:NBrownoh
ID: 9709262
glad i could help you out :)
0

Featured Post

ScreenConnect 6.0 Free Trial

Explore all the enhancements in one game-changing release, ScreenConnect 6.0, based on partner feedback. New features include a redesigned UI, app configurations and chat acknowledgement to improve customer engagement!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you have ever used Microsoft Word then you know that it has a good spell checker and it may have occurred to you that the ability to check spelling might be a nice piece of functionality to add to certain applications of yours. Well the code that…
You can of course define an array to hold data that is of a particular type like an array of Strings to hold customer names or an array of Doubles to hold customer sales, but what do you do if you want to coordinate that data? This article describes…
Get people started with the utilization of class modules. Class modules can be a powerful tool in Microsoft Access. They allow you to create self-contained objects that encapsulate functionality. They can easily hide the complexity of a process from…
Show developers how to use a criteria form to limit the data that appears on an Access report. It is a common requirement that users can specify the criteria for a report at runtime. The easiest way to accomplish this is using a criteria form that a…

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question