Click here to Skip to main content
15,302,644 members
Please Sign up or sign in to vote.
1.00/5 (1 vote)
See more:
I want store my database password externally in a text file. And when I want to connect to the database this password must be given in a form and verified from using that externally stored password I want this in vb 2005 and vb 2008 but not using C#

Updated 29-Oct-11 5:09am
Philippe Mori 29-Oct-11 13:41pm
Very, very bad idea. Very unsecure.

What would be the point in storing passwords in an external text file? You might as well just use a sticky note attached to your monitor.

Just attempt to make the connection using the provided credentials. If they are wrong it will fail and you can handle the exception.
Espen Harlinn 29-Oct-11 11:14am
Good point :)
Chiranthaka Sampath 30-Oct-11 7:30am
Well this is my point of view! The connection to the database is as following in VB 2005 & vb 2008

oledbConn.ConnectionString = "Provider=Microsoft.ACE.OLEDB.12.0; Data Source=""ModernShoes.accdb"""

To the end of that statement a password can be set as the database password! But this password is hardcoded.

If the administrator of the particular system want to change the password the developer must recompile the total system. If I stored that connection-string statement externally in a text file or in an XML file the administrator will be able to reset the password and do not want to worry about the recompiling the total software program.

If you can please try to solve my problem!

[no name] 30-Oct-11 9:03am
well this is my point of view. Your idea is naive and not very good.

You can use integrated security, database roles, or other methods rather than hard code credentials. To work around passwords being changed, just ask the user to enter it.To put it very bluntly, storing passwords in an external file is just plain stupid and unnecessary
Chiranthaka Sampath 30-Oct-11 21:23pm
So how can I solve that if I use MS Access as the database?
[no name] 30-Oct-11 21:46pm
Chiranthaka Sampath 31-Oct-11 11:21am
Well that article looks useful but I have a small doubt that if someone want to change the database password without the knowledge of the admin of that system he can do it easily. Then how can I able to prevent that!
[no name] 31-Oct-11 13:30pm
MS Access is not a server based application or enterprise database. Anyone who has access to the file can update it. You seem to be confused between MS Access and SQL Server.
Chiranthaka Sampath 31-Oct-11 13:37pm
It means if I used MS SQL Server instead of MS Access it will be more useful?
I wrote this article Security : It’s getting worse[^], because designs like this often makes it into production.

Best regards
Espen Harlinn

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900