Re: Password security [where is the password]

Mon, Jan 22, 2007 at 09:39:17AM -0200, Ezequias Rodrigues da Rocha napsal(a):
> The latest item (FILE) where is it specifically?

Hmmm, what OS are you using?
I suppose it's Windows. Have you already used "ODBC Data Source
Administrator"? If you aren't  let's try it. It's located in Administrative
tools (in Control panel). There are some tabpages:
1) User DSN (stored in HKCU)
2) System DSN (stored in HKLM - you can specify the ACL with regedt32)
3) File DSN - you specify the file when you adding the DSN

> I must garantee that only admin users can see this password by now. Any
> other help

You can do it with 2) System DSN with correct registry ACL on the DSN or
with 3) File DSN with correct File ACL.

You have to try it yourself. I never need this.

Regards,

Luf

P.S. Please use group reply so users on the list could read it too.

> 2007/1/22, Ludek Finstrle <luf@pzkagis.cz>:
> >
> >> I would like to know where is the password setted on the connection
> >Dialog.
> >> If it remains after the client shutdown it must be in some place in the
> >hard
> >> disk. I am afread about it. Can anyone tell me if someone can catch it
> >> (hacker) ?
> >
> >It's stored in registry:
> >System DSN:
> >HKLM\Software\ODBC\ODBC.INI\<DSN name> in string value Password.
> >All the users with access to the computer can read it (don't forgot
> >the network registry access).
> >
> >User DSN:
> >HKCU\Software\ODBC\ODBC.INI\<DSN name> in string value Password.
> >If everything is properly only the user and Admin can read it.
> >
> >File DSN:
> >in file
> >All the users with access to the file can read it.
> >
> >Regards,
> >
> >Luf
> >
> >P.S. The admin could change the default ACL on registry tree.