Where to store database login information in VB6

Author
11 Mar 2009 6:35 PM
IVP
I am new to development and I am looking for some pointers. I have a sql 2000
database and a vb6 app although the answer could still apply to sql 2008 and
vb.net I suppose. Right now the SQL username and password to connect to the
database is stored in the VB application which is not convenient since we
must change the password periodically. The user opens the app and enters the
username and password for the vb application. Using the credentials stored in
the application to connect to the sql server, the app checks the username and
password stored in a user table in the database to determine if they are
allowed to connect or not. For various reasons, it is not feasible to simply
have the application username and password be the same as the database
username and password. We must have only one database username and password
and it must be changeable. Like I said, it is now stored in the compiled
application which is inconvenient.

Are there any ideas or pointers you can give me as to how this is NORMALLY
set up? It doesn't have to be "out there" just standard practice.

Thanks.

Author
11 Mar 2009 8:09 PM
H-Man
On Wed, 11 Mar 2009 11:35:15 -0700, IVP wrote:

> I am new to development and I am looking for some pointers. I have a sql 2000
> database and a vb6 app although the answer could still apply to sql 2008 and
> vb.net I suppose. Right now the SQL username and password to connect to the
> database is stored in the VB application which is not convenient since we
> must change the password periodically. The user opens the app and enters the
> username and password for the vb application. Using the credentials stored in
> the application to connect to the sql server, the app checks the username and
> password stored in a user table in the database to determine if they are
> allowed to connect or not. For various reasons, it is not feasible to simply
> have the application username and password be the same as the database
> username and password. We must have only one database username and password
> and it must be changeable. Like I said, it is now stored in the compiled
> application which is inconvenient.
>
> Are there any ideas or pointers you can give me as to how this is NORMALLY
> set up? It doesn't have to be "out there" just standard practice.
>
> Thanks.

There's really only a couple of different places you can store a login and
password. In a file or in the registry, or I suppose in Windows protected
storage (I don't personally like that one).

If it were me I would only store a hash of the login username and the
password, that way you can verify the data without storing the actual data.
This way if the login or password is forgotten, it's gone forever. The only
hack would be to brute force the hash.

--
HK
Author
11 Mar 2009 11:19 PM
Nobody
"IVP" <I**@discussions.microsoft.com> wrote in message
news:FF141D29-43AA-44CC-BB21-933D53D9D451@microsoft.com...
> I am new to development and I am looking for some pointers. I have a sql 2000
> database and a vb6 app although the answer could still apply to sql 2008 and
> vb.net I suppose. Right now the SQL username and password to connect to the
> database is stored in the VB application which is not convenient since we
> must change the password periodically. The user opens the app and enters the
> username and password for the vb application. Using the credentials stored in
> the application to connect to the sql server, the app checks the username and
> password stored in a user table in the database to determine if they are
> allowed to connect or not. For various reasons, it is not feasible to simply
> have the application username and password be the same as the database
> username and password. We must have only one database username and password
> and it must be changeable. Like I said, it is now stored in the compiled
> application which is inconvenient.
>
> Are there any ideas or pointers you can give me as to how this is NORMALLY
> set up? It doesn't have to be "out there" just standard practice.

For user passwords, compute the MD5 hash of the password, and store the hash
value. When the user enters the password, compare the hash values to see if
they are the same, and if so, the password is correct. Here is an MD5
implementation in VB6:

http://www.frez.co.uk/freecode.htm#md5
Direct link:
http://www.frez.co.uk/MD5.zip

For DB connection password, you have to save the password encrypted in an
INI file or the registry (you can't use MD5 for this).

Finally, if you want the users to use the same user ID and password they use
to logon to Windows, check this article:

How to validate user credentials from Visual Basic by using SSPI
http://support.microsoft.com/default.aspx?scid=kb;en-us;279815
Author
12 Mar 2009 3:08 PM
H-Man
On Wed, 11 Mar 2009 18:19:20 -0500, Nobody wrote:

> "IVP" <I**@discussions.microsoft.com> wrote in message
> news:FF141D29-43AA-44CC-BB21-933D53D9D451@microsoft.com...


> For user passwords, compute the MD5 hash of the password, and store the hash
> value. When the user enters the password, compare the hash values to see if
> they are the same, and if so, the password is correct. Here is an MD5
> implementation in VB6:
>
> http://www.frez.co.uk/freecode.htm#md5
> Direct link:
> http://www.frez.co.uk/MD5.zip

I've always wondered as to why someone would write their own MD5 routine
instead of using the Windows API for this.

>
> For DB connection password, you have to save the password encrypted in an
> INI file or the registry (you can't use MD5 for this).

Why? Is the username and password not passed in the connection string? What
am I missing? Can't the password and username be handled in memory at
runtime? Is this specific to the OP's DB engine?

I have exactly zero experience with sql2000 and it's been a while since
I've done anything DB in VB6 so it's entirely possible that I'm completely
missing something.

--
HK
Author
12 Mar 2009 3:23 PM
Dave O.
"H-Man" <I-Hate@Spam.sucks> wrote in message
news:49b92563$0$57670$892e0abb@auth.newsreader.octanews.com...
> On Wed, 11 Mar 2009 18:19:20 -0500, Nobody wrote:
>
>> "IVP" <I**@discussions.microsoft.com> wrote in message
>> news:FF141D29-43AA-44CC-BB21-933D53D9D451@microsoft.com...

>> For DB connection password, you have to save the password encrypted in an
>> INI file or the registry (you can't use MD5 for this).
>
> Why?
> What am I missing?

A "hash" is NOT the same as "encryption", the MD5 hash is NOT reversible so
once you've encoded the connection string you cannot retrieve it, hence it's
useless for that.

Dave O
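
An added example, not code from any poster in this thread: the reversible counterpart to a hash, for the "save the password encrypted in an INI file or the registry" advice above. It uses the Windows DPAPI calls CryptProtectData and CryptUnprotectData so the program holds no key of its own. The function names and the hex text encoding are assumptions made for this sketch.

```vb
' Added example: DPAPI round trip for the DB connection password (function names are assumptions).
Option Explicit
Private Type DATA_BLOB
    cbData As Long
    pbData As Long
End Type
Private Declare Function CryptProtectData Lib "crypt32.dll" (pIn As DATA_BLOB, ByVal descr As Long, _
    ByVal entropy As Long, ByVal reserved As Long, ByVal prompt As Long, ByVal flags As Long, pOut As DATA_BLOB) As Long
Private Declare Function CryptUnprotectData Lib "crypt32.dll" (pIn As DATA_BLOB, ByVal descr As Long, _
    ByVal entropy As Long, ByVal reserved As Long, ByVal prompt As Long, ByVal flags As Long, pOut As DATA_BLOB) As Long
Private Declare Sub CopyMemory Lib "kernel32" Alias "RtlMoveMemory" (ByVal Dest As Long, ByVal Src As Long, ByVal Length As Long)
Private Declare Function LocalFree Lib "kernel32" (ByVal hMem As Long) As Long
Private Const CRYPTPROTECT_UI_FORBIDDEN As Long = &H1

' Runs one DPAPI call over a byte array and returns the resulting bytes.
Private Function Dpapi(ByRef inBytes() As Byte, ByVal protect As Boolean) As Byte()
    Dim blobIn As DATA_BLOB, blobOut As DATA_BLOB, ok As Long, outBytes() As Byte
    blobIn.cbData = UBound(inBytes) + 1
    blobIn.pbData = VarPtr(inBytes(0))
    If protect Then
        ok = CryptProtectData(blobIn, 0, 0, 0, 0, CRYPTPROTECT_UI_FORBIDDEN, blobOut)
    Else
        ok = CryptUnprotectData(blobIn, 0, 0, 0, 0, CRYPTPROTECT_UI_FORBIDDEN, blobOut)
    End If
    If ok = 0 Then Err.Raise vbObjectError + 1, "Dpapi", "DPAPI call failed: " & Err.LastDllError
    ReDim outBytes(blobOut.cbData - 1)
    CopyMemory VarPtr(outBytes(0)), blobOut.pbData, blobOut.cbData
    LocalFree blobOut.pbData   ' DPAPI allocates the output buffer; the caller frees it
    Dpapi = outBytes
End Function

' Returns hex text that can be written to an INI value or a registry string.
Public Function ProtectToHex(ByVal secret As String) As String
    Dim plain() As Byte, cipher() As Byte, i As Long
    If Len(secret) = 0 Then Err.Raise 5, "ProtectToHex", "Empty secret"
    plain = secret             ' string to its UTF-16 bytes
    cipher = Dpapi(plain, True)
    For i = 0 To UBound(cipher)
        ProtectToHex = ProtectToHex & Right$("0" & Hex$(cipher(i)), 2)
    Next
End Function
Public Function UnprotectFromHex(ByVal hexText As String) As String
    Dim cipher() As Byte, plain() As Byte, i As Long
    ReDim cipher(Len(hexText) \ 2 - 1)
    For i = 0 To UBound(cipher)
        cipher(i) = CByte("&H" & Mid$(hexText, 2 * i + 1, 2))
    Next
    plain = Dpapi(cipher, False)
    UnprotectFromHex = plain   ' UTF-16 bytes back to a string
End Function
```

With these flags the stored value can only be decrypted under the Windows account that created it, so copying the INI file to another user or machine yields an error from UnprotectFromHex rather than the password. Passing CRYPTPROTECT_LOCAL_MACHINE (&H4) to CryptProtectData instead ties the value to the machine, which lets any account on that machine decrypt it.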
Author
12 Mar 2009 11:19 PM
Bob Riemersma
"IVP" <I**@discussions.microsoft.com> wrote in message
news:FF141D29-43AA-44CC-BB21-933D53D9D451@microsoft.com...
> I am new to development and I am looking for some pointers. I have a sql 2000
> database and a vb6 app although the answer could still apply to sql 2008 and
> vb.net I suppose. Right now the SQL username and password to connect to the
> database is stored in the VB application which is not convenient since we
> must change the password periodically. The user opens the app and enters the
> username and password for the vb application. Using the credentials stored in
> the application to connect to the sql server, the app checks the username and
> password stored in a user table in the database to determine if they are
> allowed to connect or not. For various reasons, it is not feasible to simply
> have the application username and password be the same as the database
> username and password. We must have only one database username and password
> and it must be changeable. Like I said, it is now stored in the compiled
> application which is inconvenient.
>
> Are there any ideas or pointers you can give me as to how this is NORMALLY
> set up? It doesn't have to be "out there" just standard practice.
>
> Thanks.

If you just want to externalize the connection string data (as opposed to
securing the password) you should consider a UDL file.

http://msdn.microsoft.com/en-us/library/e38h511e(VS.71).aspx

These replaced the deprecated DSN that dates back to the dark days of ODBC.
They can easily be edited outside of your program.


In your program just set your connection string value to:

"File Name=sample.udl;"


If you have a complex file path and name that may have spaces do not quote
it as:

"File Name=""" & App.Path & "\sample.udl"";"

or

"File Name='" & App.Path & "\sample.udl';"

use:

"File Name=" & App.Path & "\sample.udl;"


Those working with Jet MDBs should note that ADOX cannot handle this
connection string format.