• Secure/hide odbc connection string

    Home » Forums » AskWoody support » Productivity software by function » MS Access and database help » Secure/hide odbc connection string

    Author
    Topic
    WSmullinsbr
    AskWoody Lounger
    September 10, 2010 at 6:26 pm #471607

    Hello,

    I’m building an MS Access application as a front end to an Oracle database, using linked tables and server-side stored procedures. The question I have is with securing the ODBC connection information. Using Access 2010, hovering over the linked table shows everything in the connection string except the password. That’s not good, but I can live with it. However, Access also stores the ODBC connect informatin (including the password) in MSysObjects. A savy user could get to this info and gain access to stuff they shouldn’t. But the biggest issue I have is calling stored procedures in code. In order to do this you have to supply the connect string (or point to it in MSysObjects).

    So, my question: is there a better way? The DB is currently a .mdb, would it be more secure as an accdb? What about mde/accde?

    Thanks for any help. Looking forward to hearing what others are doing.

    Brian

    Reply | Quote
    Viewing 1 reply thread
    Author
    Replies
    • Paul T
      AskWoody MVP
      September 11, 2010 at 1:38 am #1243922

      If the network is a domain you could use Windows authentication rather than specific user/pass?

      cheers, Paul

      Reply | Quote
    • WBell
      AskWoody_MVP
      September 11, 2010 at 7:48 am #1243940

      If you were using SQL Server rather than Oracle, what Paul suggests is what we nearly always do. However I don’t know the internals of Oracle security and whether it can use Windows Integrated Security – at a minimum I believe you would have to define all of the User Security settings in Oracle rather than being able to add users as you can with SQL Server. See this link which asks the same question. As for calling stored procedures, you do have to define the connect string, although you can define it globally in a VBA module.

      As to the Access database format, I don’t see any advantage to using an accdb format – in fact Access User Security is not supported in it, so blocking users from seeing the system level tables is not possible. However Access 2010 doesn’t support the complete administration of Access User Security, so you would need to drop back to Access 2003 to do the initial setup. I would look at using an mde format for what you deploy to users as that will prevent all but the most dedicated hackers from getting into object designs or the VBA modules. Finally, I would plan on deploying a copy to each user workstation rather than using a shared copy from a server.

      Reply | Quote
    Viewing 1 reply thread
    Reply To: Secure/hide odbc connection string

    You can use BBCodes to format your content.
    Your account can't use all available BBCodes, they will be stripped before saving.

    Your information:




DON'T MISS OUT!
Subscribe to the Free Newsletter
We promise not to spam you. Unsubscribe at any time.
Invalid email address

View the Forum

  • Recent Replies
  • My Replies
  • My Active Topics
  • New Posts in the Last day
  • Private Messages
  • Knowledge Base
  • How to use the Forums
  • All Forums

    • Recent Topics

    My Profile

    May 2025
    S M T W T F S
     123
    45678910
    11121314151617
    18192021222324
    25262728293031

    Remembering Woody

     

    Want to Advertise in the free newsletter? How about a gift subscription in honor of a birthday? Send an email to sb@askwoody.com to ask how.

    Mastodon profile for DefConPatch
    Mastodon profile for AskWoody

     

    Home About FAQ Posts & Privacy Forums My Account
    Register Free Newsletter Plus Membership Gift Certificates MS-DEFCON Alerts

    Copyright ©2004-2025 by AskWoody Tech LLC. All Rights Reserved.