November 5, 2002 at 11:17 am
I have added a table MSysConf to my SQL Server database so that Access 97 does not store the User ID and Password for linked tables in MSysObjects. This works fine, if I refresh links using the user id and password, the connection made OK and only the first part of the connection string is stored not user id and password.
I have started to play with Passthru queries and find that these do not work the same way.
I use the following code if the links require refreshing:
For Each qdfPubs In dbPubs.QueryDefs
If Len(qdfPubs.Connect) > 0 Then
qdfPubs.Connect = strConnect
End If
Next
This code stores the user id and password in table MSysQueries.
Is this normal, any suggestions how I can hide the user id and password without encrypting the Access 97 database?
I have started
November 6, 2002 at 5:31 am
What you could do is move to windows authentification so that you do not need a password.
You could also do everting in code (make the connection create the passtrough query and execute it. When you are done reset the connection. ) I suppose this is not realy an option.
you could also make the passtrough queries hidden. Then you have to write some code to make it impossible for the user to unhide the ps.
November 6, 2002 at 7:18 am
Klaas-Jan, thanks for your reply.
My app is set up so that it will first use NT Authentication but where this not available has to use SQL Authentication.
Not a problem to stop people looking at the query within my Access database. The problem is that, if someone know how, they could create a new database and link this to the MSysQueries table in my original database. They would then see the user id and password in the connection string in column name1. Hiding the query would not make any difference.
I did occur to me to create and delete the query in code.
This does seem to be a security hole!
on demand and then delete it in code
Viewing 3 posts - 1 through 2 (of 2 total)
You must be logged in to reply to this topic. Login to reply