Is there a way to hide the password of your database inside the source code?

"Provider=Microsoft.ACE.OLEDB.12.0;Data Source=" & Application.StartupPath & "\Database.accdb; Jet OLEDB:Database Password = [B]MyPassword[/B]"

As you can see the password is exposed, increasing the risk for the database to be compromise. Is there anything you can suggest how can I work around this one?

Thanks in advance!

5 Years
Discussion Span
Last Post by Reverend Jim

If your source code is available to read, I suspect no. String constants in exe files can be easily extracted so if you want to "hide" the password in the exe then you can build it at run time a character or two at a time, even using conversion from numeric values to further obscure the actual password.


Thanks for the reply.

Can you please elaborate more how can I actually do that?



Sure. Take the console app:

Module Module1

    Sub Main()

        Dim password As String = "mypass"
        Console.WriteLine("password=" & password)

        password = Chr(115)
        password &= Chr(101)
        password &= Chr(99)
        password &= Chr(114)
        password &= Chr(101)
        password &= Chr(116)
        Console.WriteLine("password=" & password)

    End Sub

End Module

When you run it you will get the output


If you extract the string values from the exe file (I use strings.exe, a tool from the excellent SysInternals Suite available free here) you can see the string "mypass" but not the constructed string "secret".

Please note that if you build "secret" in one line of code like

password = Chr(115) & Chr(101) & Chr(99) & Chr(114) & Chr(101) & Chr(116)

The compiler will optimize this to

password = "secret"

and, therefore, the string will be available for detection. The above method does not prevent someone extracting the string by examining the machine code with a disassembler or a debugger but it does add a level of obfuscation to prevent casual sleuthing.

Votes + Comments
Your explanation is good.
This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.