Link to home
Start Free TrialLog in
Avatar of neoptoent
neoptoentFlag for United States of America

asked on

VBscript Sybase Query DSN credentials

Hi,

I need to run a vbscript (from a windows 2003/2008 server) that will use a system  DSN ODBC connection to a sybase database on a Unix  server to do a query. (select statement)
I cant have the password in the script (cleartext) so I want to configure a DSN with the username and password in there .

It this possible?
Can I call a DSN odbc connection from VBscript and use something like trusted for the credentials?
If so, what do I use to open the connection to the DB?
The user account and password will be  local sybase user/pass.

Avatar of RobSampson
RobSampson
Flag of Australia image

Hi, this should show you some examples on how to use a System DSN:
http://www.activexperts.com/activmonitor/windowsmanagement/adminscripts/enterprise/databases/

This line should cover the main connection part:
objConnection.Open "DSN=Inventory;"


Regards,

Rob.
Avatar of neoptoent

ASKER

Rob,

What do I do about password.
I dont think you can store a password in a dsn.
And i need to connect to Sybase and Oracle databases using sql authentication.

I can have it in the connection string because we cant have a password in clear text

Any ideas?
I don't actually think it's possible.  With VBScript, the details will always be in clear text somewhere along the line, whether you encrypted them or not.  There is no way to predefine SQL authentication credentials in a DSN.

Perhaps your best bet is to put the connection details in the script without using a DSN (so use a DSN-less connection string), and then compile the VBS into an EXE, using something like the VBSToEXE tool here:
http://www.f2ko.de

Regards,

Rob.
Not a bad idea,
If  it is converted to an exe, is anything still in clear? meaning can someone open the exe and see the password?


I wish there would be  a way for me to encrypt the password in a reg key or file and then use the vbscript to call that key/file decrypt the password.


If I use a dsn then the password stays encrypted over the wire...
ASKER CERTIFIED SOLUTION
Avatar of RobSampson
RobSampson
Flag of Australia image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
ahhh

i dont know .net... can i use vbscript in there and just compile it?
No, unfortunately, that doesn't work, you might just be best trying out the VBSToEXE approach.

Regards,

Rob.
if i wrote it VB and compiled it, can u encrypt the code so it cant be viewed?
If you conver the VBS to an EXE, it is written in "machine code", so cannot be interpreted.  I've tried running a few "sniffers" over the EXE compiled by the VBS2EXE, and couldn't find any clear text code, so I think it's pretty safe.

Regards,

Rob.
Rob,

do you think i could use blowfish, encrypt the password in the registry and use it?
I assume you're talking about something like this:
http://www.example-code.com/vbscript/vbscript-blowfish.asp

But, as far as I can see, if people can still read your plain text vbscript, then they could make a new script that includes these lines (in particular):

keyBytes = blowfish.GenerateSecretKey("secret_password")
blowfish.SecretKey = keyBytes

Then read the cypherText (encrypted string) from the registry where you store it, and simply decrypt it using this:

clearText = blowfish.DecryptStringENC(cipherText)

VBScript really isn't the secure way to do this, because it's always plain text.

There might be one way of making the SecretKey unknown though, or if we go back a few steps, the database username and password for the DSN, unknown.  That would be to pass those values from AD as a login script perhaps.  The parametes passed from AD are unkown to the user, and they can't copy the code to try to run it from somewhere else, because it needs to run from that particular GPO.

To do that, use a DSN-less connection string, and code like this:

strUsername = WScript.Arguments.Item(0)
strPassword = WScript.Arguments.Item(1)
strConnString = "Data Source=\\myserver\myvolume\mypat\mydd.add;User ID=" & strUsername & ";Password=" & strPassword & ";ServerType=REMOTE;"

Connection strings are here: http://www.connectionstrings.com/sybase-advantage

Then, in a GPO, set up a login script to point to the script, and in the parameters section type
username password

Regards,

Rob.