July 30, 2010     |
Home
FAQs
       SQL Server FAQ
       SQL Injection FAQ
       SQL Security Checklist
       SQL Server-Related Products
       SQL Server/MSDE-Based Applications
       SQL Server Version Database
Tools
       Lockdown Script
       Free Tools
       Free Analysis
       Group Policy Templates
       Commercial Tools
Community
       Discussions
       Links
About
Search
Network Toaster
SQL Security Forums
Note: SQLSecurity.com does not allow nor require registration due to privacy concerns for users. SQLSecurity.com is open and anonymous for all. Please report any abuse or profanity.
Forums > Discussions > SQL Server Security
Subject: ODBC Security
Prev Next
Add Reply

Author Messages
Abhi Redd
06/03/2002 11:18 AM Quote Reply Alert 
Hi, We have client/server application and all the end user security is within the application and we use a single user for connecting to database. Currently we use .ini file to keep the username and password. But the file can be exposed so anyone can get access to the database using the database username and password. Is there any way we can protect this username and passowrd in certal location and have password setting like NT security settions. Thanks, Abhi
Chip Andrews
06/03/2002 9:10 PM Quote Reply Alert 
This is one of those no-win situations. Basically, if the application needs the auth credentials and they are on the machine then someone with suffiecient access can get them. If you have encryption requirements, you could encrypt the username and password using CryptoAPI. However, you need to place the key in a location only accessable to the application or the administrator. In short - place the creds in a place where only an admin or the application can gain access. Chip
Add Reply
Forums > Discussions > SQL Server Security > ODBC Security
Quick Reply
Username:  
Subject:  
Body:
 



ActiveForums 3.6
Copyright 1999 by Chip Andrews   |  Privacy Statement  |  Terms Of Use