Re: vb & mssql apps : security issue
From: ^Crazy Coder^ (saba_at_clubrt.com)
Date: 05/07/03
Date: Thu, 8 May 2003 04:59:32 +0700
Dear all,
Many thanks for the replies.
This is serious to me, to everyone actually.
That's why I posted this issue.
Remember my technique:
- Since I don't know where best to deal with the security issue,
I let MS-SQL itself deal with uid/pw,
so my apps should be as secure as the host can provide.
- My users (who are trusted to log in and use 'my program') still can't get
access to any of the TABLEs; they are blocked from seeing any confidential data
when they're not using 'my program'.
Here is my code:
>
> '//[1] - check whether he/she is a valid MS_SQL user
> DBConn1.Properties("User ID").Value = txtUserName.Text
> DBConn1.Properties("Password").Value = txtPassword.Text
>
> On Error GoTo SQL_LOG_ON_ERROR
>
> DBConn1.Open
> On Error GoTo 0
> DBConn1.Close
>
> '//[2] - if yes, re-open using my internal account
> '// that have right_r/w on my inv database
> DBConn1.Properties("User ID").Value = "my_apps_uid"
'>>>here!! .. is danger zone :(
> DBConn1.Properties("Password").Value = "somethingOhThatWouldBeNOTtooEazy"
>
> DBConn1.Open
>
>
>
A few days after posting, I still keep thinking.
And I still don't know where to secure the uid/pw in my compiled code above.
^CrazyCoder^
"David Portas" <REMOVE_BEFORE_REPLYING_dportas@acm.org> wrote in message
news:#nVUNULFDHA.1924@TK2MSFTNGP11.phx.gbl...
> > You could have the password an encryption of the username. As long as they
> > don't have a copy of the encryption algorithm you use (i.e. keep your source
> No. Good practice is to assume that the algorithm is known. If you code your
> own encryption it should be one of the standard, published algorithms
> anyway. Most likely running in the MS CryptoAPI.
>
> > .. Then, you don't even need to know the
> > password, just the username....
> You said it! So if the username is stored in your database and it isn't
> encrypted then how secure is that?
>
> --
> David Portas
> ------------
> Please reply only to the newsgroup
> --
>
> "Stephen J Whiteley" <hackateerTHEYAAHHOOOatyahoo.com> wrote in message
> news:O0YaD8KFDHA.1984@TK2MSFTNGP12.phx.gbl...
> > You could have the password an encryption of the username. As long as they
> > don't have a copy of the encryption algorithm you use (i.e. keep your source
> > code secure) you should be set. Then, you don't even need to know the
> > password, just the username....(have an application that can create a new
> > username/password combination for the database).
> > ...just a thought.
> >
>
>
>
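Why the literal marked as the "danger zone" in step [2] is exposed once the program is compiled, shown as an added example that is not part of the original posts: a build-audit check that pulls printable strings out of a binary and flags any string stored directly after a credential marker. The sample bytes are constructed, and the layout (literals kept as plain UTF-16LE or ASCII text, marker immediately before its value) is an assumption.

```python
import re

# Markers that usually sit next to a credential in connection code.
MARKERS = ("password", "pwd", "user id", "uid")
MIN_LEN = 4  # shortest printable run treated as a string


def extract_strings(blob: bytes, min_len: int = MIN_LEN):
    """Return (offset, text) for printable ASCII and UTF-16LE runs, by offset."""
    found = []
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    utf16_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    for m in ascii_re.finditer(blob):
        found.append((m.start(), m.group().decode("ascii")))
    for m in utf16_re.finditer(blob):
        found.append((m.start(), m.group().decode("utf-16-le")))
    return sorted(found)


def flag_embedded_credentials(blob: bytes):
    """Report every string that directly follows a credential marker string."""
    strings = extract_strings(blob)
    findings = []
    for (_, prev), (off, text) in zip(strings, strings[1:]):
        if prev.strip().lower() in MARKERS:
            findings.append({"marker": prev, "offset": off, "value": text})
    return findings


def utf16(s: str) -> bytes:
    return s.encode("utf-16-le")


# Constructed stand-in for a compiled client: the literals from the posted
# code, separated by non-text bytes. Not taken from a real executable.
SAMPLE_BINARY = (
    b"\x4d\x5a\x90\x00\x03\x00" + utf16("User ID") + b"\x00\x00\x0e\x00\x00\x00"
    + utf16("my_apps_uid") + b"\x00\x00\x10\x00\x00\x00"
    + utf16("Password") + b"\x00\x00\x40\x00\x00\x00"
    + utf16("somethingOhThatWouldBeNOTtooEazy") + b"\x00\x00\xff\xfe\x01"
)

if __name__ == "__main__":
    for f in flag_embedded_credentials(SAMPLE_BINARY):
        print(f"offset {f['offset']:#06x}: {f['marker']} -> {f['value']!r}")
```

Run against a release build before shipping, any finding means the account's rights are available to everyone who holds a copy of the client.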