Click here to Skip to main content
13,049,814 members (74,164 online)
Rate this:
Please Sign up or sign in to vote.
See more:
I want store my database password externally in a text file. And when I want to connect to the database this password must be given in a form and verified from using that externally stored password I want this in vb 2005 and vb 2008 but not using C#

Posted 29-Oct-11 5:07am
Updated 29-Oct-11 5:09am
Philippe Mori 29-Oct-11 13:41pm
Very, very bad idea. Very unsecure.
Rate this: bad
Please Sign up or sign in to vote.

Solution 1

What would be the point in storing passwords in an external text file? You might as well just use a sticky note attached to your monitor.

Just attempt to make the connection using the provided credentials. If they are wrong it will fail and you can handle the exception.
Espen Harlinn 29-Oct-11 11:14am
Good point :)
Chiranthaka Sampath 30-Oct-11 7:30am
Well this is my point of view! The connection to the database is as following in VB 2005 & vb 2008

oledbConn.ConnectionString = "Provider=Microsoft.ACE.OLEDB.12.0; Data Source=""ModernShoes.accdb"""

To the end of that statement a password can be set as the database password! But this password is hardcoded.

If the administrator of the particular system want to change the password the developer must recompile the total system. If I stored that connection-string statement externally in a text file or in an XML file the administrator will be able to reset the password and do not want to worry about the recompiling the total software program.

If you can please try to solve my problem!

Mark Nischalke 30-Oct-11 9:03am
well this is my point of view. Your idea is naive and not very good.

You can use integrated security, database roles, or other methods rather than hard code credentials. To work around passwords being changed, just ask the user to enter it.To put it very bluntly, storing passwords in an external file is just plain stupid and unnecessary
Chiranthaka Sampath 30-Oct-11 21:23pm
So how can I solve that if I use MS Access as the database?
Mark Nischalke 30-Oct-11 21:46pm
Chiranthaka Sampath 31-Oct-11 11:21am
Well that article looks useful but I have a small doubt that if someone want to change the database password without the knowledge of the admin of that system he can do it easily. Then how can I able to prevent that!
Mark Nischalke 31-Oct-11 13:30pm
MS Access is not a server based application or enterprise database. Anyone who has access to the file can update it. You seem to be confused between MS Access and SQL Server.
Chiranthaka Sampath 31-Oct-11 13:37pm
It means if I used MS SQL Server instead of MS Access it will be more useful?
Rate this: bad
Please Sign up or sign in to vote.

Solution 2

I wrote this article Security : It’s getting worse[^], because designs like this often makes it into production.

Best regards
Espen Harlinn

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month

Advertise | Privacy | Mobile
Web02 | 2.8.170713.1 | Last Updated 29 Oct 2011
Copyright © CodeProject, 1999-2017
All Rights Reserved. Terms of Service
Layout: fixed | fluid

CodeProject, 503-250 Ferrand Drive Toronto Ontario, M3C 3G8 Canada +1 416-849-8900 x 100