1.11M Members

Database Password Exposed

 
0
 

Hello!

Is there a way to hide the password of your database inside the source code?

"Provider=Microsoft.ACE.OLEDB.12.0;Data Source=" & Application.StartupPath & "\Database.accdb; Jet OLEDB:Database Password = [B]MyPassword[/B]"

As you can see the password is exposed, increasing the risk for the database to be compromise. Is there anything you can suggest how can I work around this one?

Thanks in advance!

 
0
 

If your source code is available to read, I suspect no. String constants in exe files can be easily extracted so if you want to "hide" the password in the exe then you can build it at run time a character or two at a time, even using conversion from numeric values to further obscure the actual password.

 
0
 

Thanks for the reply.

Can you please elaborate more how can I actually do that?

Thanks!

 
1
 

Sure. Take the console app:

Module Module1

    Sub Main()

        Dim password As String = "mypass"
        Console.WriteLine("password=" & password)

        password = Chr(115)
        password &= Chr(101)
        password &= Chr(99)
        password &= Chr(114)
        password &= Chr(101)
        password &= Chr(116)
        Console.WriteLine("password=" & password)

    End Sub

End Module

When you run it you will get the output

password=mypass
password=secret

If you extract the string values from the exe file (I use strings.exe, a tool from the excellent SysInternals Suite available free here) you can see the string "mypass" but not the constructed string "secret".

Please note that if you build "secret" in one line of code like

password = Chr(115) & Chr(101) & Chr(99) & Chr(114) & Chr(101) & Chr(116)

The compiler will optimize this to

password = "secret"

and, therefore, the string will be available for detection. The above method does not prevent someone extracting the string by examining the machine code with a disassembler or a debugger but it does add a level of obfuscation to prevent casual sleuthing.

 
0
 

Thanks for the tip!

Much appreciated.

 
0
 

Any time. Please mark this as solved if we are done.

Question Answered as of 2 Years Ago by Reverend Jim
You
This question has already been solved: Start a new discussion instead
Post:
Start New Discussion
View similar articles that have also been tagged: