david_88
asked on
Pass through query encrypt password
I have an application with many pass-through queries with the password saved in the odbc connection.
How do i prevent the user from being able to see the password.
thanks
dave
How do i prevent the user from being able to see the password.
thanks
dave
ASKER
sounds good i have found a link to dsable the shift key
how do i hide the msSysobjects table i cant see this table anyaway ?
thanks
dave
how do i hide the msSysobjects table i cant see this table anyaway ?
thanks
dave
Its a setting option under Tools/Options. Hide System Objects.
Remember, anything stored in a table in access is available via query. So the only real security you can have when it comes to passwords is either to store them in a Password formatted field, or code them.
Access wasn't' built to be bulletproof...so there is some risk in just hiding objects.
If you code the credentials, you can create a mde out of the DB and your users won't be able to get to the code.
Hope this helps.
J
Remember, anything stored in a table in access is available via query. So the only real security you can have when it comes to passwords is either to store them in a Password formatted field, or code them.
Access wasn't' built to be bulletproof...so there is some risk in just hiding objects.
If you code the credentials, you can create a mde out of the DB and your users won't be able to get to the code.
Hope this helps.
J
ASKER
well it needs to be relativley secure as it has access to important tables which i dont want people running any query they want on the orders table.
i have 2 apps with about 20 pass-through query's in total what would be the best method to make this secure. I dont mind either of the 2 options you have mentiond
dave
i have 2 apps with about 20 pass-through query's in total what would be the best method to make this secure. I dont mind either of the 2 options you have mentiond
dave
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
yeah have gone with this idea as i can see alot of benefits
cheers
dave
cheers
dave
The connection string is kept in the mSysObjects table which is a system table. Just make sure you disable shift keys in your database and hide the mSysObjects table. A savy user may still be able to query the table to see the data. In that case, you can create the connection strings in code when you link the tables and either code in the credentials or mask them in a data table using Access's Password masking feature.
J