Support Forums - View Thread

View Thread

The following is the text of the current message along with any replies.

Messages 1 to 7 of 7 total

Sun, Jun 5 2011 11:51 PM	Permanent Link
IQA	Hi Tim, I have a server program using a TEDBEngine component and acts as a server for other programs to connect to it (very much like what the ElevateDB Server program does). Question is, can this program access the database this TEDBEngine points to without a username and password (I'm sure in DBISAM I used to be able to do this). You see the server program needs to grab a few fields of data when it's initially started and I dont want the end user to have to enter a username and password and I dont want to have to set a fixed username and password for the server. I hope that makes sense, Thanks, Phil.
Mon, Jun 6 2011 3:34 AM	Permanent Link
Roy Lambert NLH Associates Team Elevate	Philip What you're asking makes sense but AFAIK just isn't possible. What's the problem with coding a name/password into the app? Roy Lambert [Team Elevate]
Mon, Jun 6 2011 5:52 AM	Permanent Link
IQA	Thanks Roy, My only problem with hard coding a username and password into the app is the fact I dont want a default password being found out and thus giving access to anyone who knows it. I know it's unlikely, but more of a security thing than any other issue. Having said that if it can't be done, then I'll just go with hardcoding a username and password into the server program. Cheers, Phil.
Mon, Jun 6 2011 6:19 AM	Permanent Link
Roy Lambert NLH Associates Team Elevate	Philip >My only problem with hard coding a username and password into the app is the fact I dont want a default password being found out and thus giving access to anyone who knows it. I know it's unlikely, but more of a security thing than any other issue. Security is going to be higher with a hardcoded username / password than with the ability to access the database without any username or password. I also have your concern, and need to access the database before anyone logs on so I've hidden the necessary details. Someone persistent enough will probably find them but the time and effort to do so will generally not be repaid by access. Roy Lambert [Team Elevate]
Mon, Jun 6 2011 11:29 PM	Permanent Link
David Cornelius Cornelius Concepts	The strategy I use is to have a fixed username/password (non-default), but have it encrypted in the code so that no one can see what it is by looking at the .exe in a hex editor. I think that's better than having a blank one or a default one. David Cornelius Cornelius Concepts
Tue, Jun 7 2011 12:51 AM	Permanent Link
IQA	Thanks David, I might take that idea and use a simple 3DES encrpytion routine I have.
Tue, Jun 7 2011 1:05 AM	Permanent Link
David Cornelius Cornelius Concepts	Perfect. Encryption/Decryption routines usually take a key, I take mine from one of the Version Info fields that don't change (i.e. Product Name). David Cornelius Cornelius Concepts