Visual Basic 6: How to create a secure DAL (even developers cannot gain access to login info)?
Scenario: We currently have a data access layer (DAL) created in VB 6 which has the ability to run stored procedures, get recordsets, etc your basic DAL functions. The login information is stored in a hash which gets decrypted prior to each call. Security hasnt been an issue in the past, and we havent had any unauthorized access that we know of. Developers can currently see the connection string info as they step through the code. Prior this was ok and acceptable.
The company is much larger now and is preparing for a Sarbanes-Oxley audit. One of the requirements is to limit who has access to the database login information on production servers including developers.
This brings up some interesting points for the project&&&&
1. Give the database admin the ability to frequently change the user name and password for the account that is used for many of our applications.
2. The DAL would then need to use the login information changes.
3. Through some method, developers would not be able to see these values while viewing source, debugging, or stepping through code, etc.
I have been asked to try and accomplish this project using VB6 type technology; if absolutely necessary, use .Net (because many of our client machines are old and they would be forced to update O/S, hardware). I mentioned having a web service which controlled the logins and passed back data which was shot down (because of the increased bandwidth issues and reduplicating some DAL logic).
Its important that the current DAL stay relatively intact (because the developers still have to maintain the code if there is a problem), while allowing login credentials to change securely.
1. Is it possible to hide a variables value from other developers in VB6 (including debugging, watches, and stepping through code)? For example, a variable can be set and used, but the value of the variable cannot be retrieved?
2. If you can suggest another approach for this unique situation, could you provide some high level design or point me in the direction of an example? (VB6 has higher priority if possible, but suggest .net solutions if thats all you know of).