Click here to Skip to main content
Rate this: bad
good
Please Sign up or sign in to vote.
See more: VB8.0 VB9.0
I want store my database password externally in a text file. And when I want to connect to the database this password must be given in a form and verified from using that externally stored password I want this in vb 2005 and vb 2008 but not using C#
 
Thanks!
Posted 29-Oct-11 6:07am
Edited 29-Oct-11 6:09am
v2
Comments
Philippe Mori at 29-Oct-11 13:41pm
   
Very, very bad idea. Very unsecure.
Rate this: bad
good
Please Sign up or sign in to vote.

Solution 1

What would be the point in storing passwords in an external text file? You might as well just use a sticky note attached to your monitor.
 
Just attempt to make the connection using the provided credentials. If they are wrong it will fail and you can handle the exception.
  Permalink  
Comments
Espen Harlinn at 29-Oct-11 11:14am
   
Good point :)
Chiranthaka Sampath at 30-Oct-11 7:30am
   
Well this is my point of view! The connection to the database is as following in VB 2005 & vb 2008
 
oledbConn.ConnectionString = "Provider=Microsoft.ACE.OLEDB.12.0; Data Source=""ModernShoes.accdb"""
 
To the end of that statement a password can be set as the database password! But this password is hardcoded.
 
If the administrator of the particular system want to change the password the developer must recompile the total system. If I stored that connection-string statement externally in a text file or in an XML file the administrator will be able to reset the password and do not want to worry about the recompiling the total software program.
 
If you can please try to solve my problem!
 

 
Mark Nischalke at 30-Oct-11 9:03am
   
well this is my point of view. Your idea is naive and not very good.
 
You can use integrated security, database roles, or other methods rather than hard code credentials. To work around passwords being changed, just ask the user to enter it.To put it very bluntly, storing passwords in an external file is just plain stupid and unnecessary
Chiranthaka Sampath at 30-Oct-11 21:23pm
   
So how can I solve that if I use MS Access as the database?
Mark Nischalke at 30-Oct-11 21:46pm
   
http://www.connectionstrings.com/access
Chiranthaka Sampath at 31-Oct-11 11:21am
   
Well that article looks useful but I have a small doubt that if someone want to change the database password without the knowledge of the admin of that system he can do it easily. Then how can I able to prevent that!
Mark Nischalke at 31-Oct-11 13:30pm
   
MS Access is not a server based application or enterprise database. Anyone who has access to the file can update it. You seem to be confused between MS Access and SQL Server.
Chiranthaka Sampath at 31-Oct-11 13:37pm
   
It means if I used MS SQL Server instead of MS Access it will be more useful?
Rate this: bad
good
Please Sign up or sign in to vote.

Solution 2

I wrote this article Security : It’s getting worse[^], because designs like this often makes it into production.
 
Best regards
Espen Harlinn
  Permalink  

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
0 OriginalGriff 195
1 ProgramFOX 130
2 Maciej Los 105
3 Sergey Alexandrovich Kryukov 85
4 Afzaal Ahmad Zeeshan 82
0 OriginalGriff 6,564
1 Sergey Alexandrovich Kryukov 6,048
2 DamithSL 5,228
3 Manas Bhardwaj 4,717
4 Maciej Los 4,150


Advertise | Privacy | Mobile
Web04 | 2.8.1411022.1 | Last Updated 29 Oct 2011
Copyright © CodeProject, 1999-2014
All Rights Reserved. Terms of Service
Layout: fixed | fluid

CodeProject, 503-250 Ferrand Drive Toronto Ontario, M3C 3G8 Canada +1 416-849-8900 x 100