Appl login and password

[steven]

Hi,

Wonder if anyone can help? Currently users are accessing via an application
using the appl ID and Password to connect to the SQL database. The SQL Server
is deployed using standard security. The appl ID and pw is stored encrypted
in an INI file and the appl decypts it and send the ID and Password in clear
to connect to the SQL server.

Is there any way to store this appl ID and Password encrypted in the database
and still allow the application to connect to the SQL Server?

[DaveSatz]

There are lots of ways, but it depends on your f/e.
If it is VB, you can connect to a COM component running under MTS/COM+ that
use a common connect string to connect to the database. The COM component
coudl return the id and password.
You could store id and password in the registry which would be slightly
harder to find that an INI file.
You could store the ID in the registry and create a SQL server password for
the user that is an encrypted version of the ID (so that you just encrypt
the id to get the password). You must then have your own way of verify the
password that the user types in.

But the easist solution, is to use integrated security; and then the user
will not have to login into your domain and the appl.

--
Thanks,
David Satz
Principal Software Engineer
Hyperion Solutions
->Using SQL Server 7.0 SP2/6.5 SP5a/Cold Fusion 4.5.1/ADO 2.1/VB 6.0/MTS
(Please reply to group only)
-----------------------------------------------------------------

"steven" <steven_tan@yahoo.com.sg> wrote in message
news:3a382c4c$1@news.devx.com...
>
> Hi,
>
> Wonder if anyone can help? Currently users are accessing via an
application
> using the appl ID and Password to connect to the SQL database. The SQL
Server
> is deployed using standard security. The appl ID and pw is stored
encrypted
> in an INI file and the appl decypts it and send the ID and Password in
clear
> to connect to the SQL server.
>
> Is there any way to store this appl ID and Password encrypted in the
database
> and still allow the application to connect to the SQL Server?

[D. Patrick Hoerter]

Dave,

I don't believe you read his question. He asked if it was possible to
store that information _in the database_.

Since he is already using encryption with an ini file, using the
connection string in MTS, or using a registry key, are just more of the
same.

The answer to his actual question, of course, is 'No'.

Regards,
D. Patrick Hoerter

DaveSatz <davidsatz@yahoo.com> wrote in message
news:3a38cfd4$1@news.devx.com...
> There are lots of ways, but it depends on your f/e.
> If it is VB, you can connect to a COM component running under MTS/COM+
that
> use a common connect string to connect to the database. The COM component
> coudl return the id and password.
> You could store id and password in the registry which would be slightly
> harder to find that an INI file.
> You could store the ID in the registry and create a SQL server password
for
> the user that is an encrypted version of the ID (so that you just encrypt
> the id to get the password). You must then have your own way of verify
the
> password that the user types in.
>
> But the easist solution, is to use integrated security; and then the user
> will not have to login into your domain and the appl.
>
> --
> Thanks,
> David Satz
> Principal Software Engineer
> Hyperion Solutions
> ->Using SQL Server 7.0 SP2/6.5 SP5a/Cold Fusion 4.5.1/ADO 2.1/VB 6.0/MTS
> (Please reply to group only)
> -----------------------------------------------------------------
>
> "steven" <steven_tan@yahoo.com.sg> wrote in message
> news:3a382c4c$1@news.devx.com...
> >
> > Hi,
> >
> > Wonder if anyone can help? Currently users are accessing via an
> application
> > using the appl ID and Password to connect to the SQL database. The SQL
> Server
> > is deployed using standard security. The appl ID and pw is stored
> encrypted
> > in an INI file and the appl decypts it and send the ID and Password in
> clear
> > to connect to the SQL server.
> >
> > Is there any way to store this appl ID and Password encrypted in the
> database
> > and still allow the application to connect to the SQL Server?
>
>

[DaveSatz]

I did read the question, but was proposing several solutions, including one
that stores the password at least in the db:
"You could store the ID in the registry and create a SQL server password for
the user that is an encrypted version of the ID (so that you just encrypt
the id to get the password). You must then have your own way of verify the
password that the user types in."

"D. Patrick Hoerter" <phoerter@NO_SPAMMERS_bellatlantic.NET_net> wrote in
message news:3a3aee4a@news.devx.com...
> Dave,
>
> I don't believe you read his question. He asked if it was possible to
> store that information _in the database_.
>
> Since he is already using encryption with an ini file, using the
> connection string in MTS, or using a registry key, are just more of the
> same.
>
> The answer to his actual question, of course, is 'No'.
>
> Regards,
> D. Patrick Hoerter
>
> DaveSatz <davidsatz@yahoo.com> wrote in message
> news:3a38cfd4$1@news.devx.com...
> > There are lots of ways, but it depends on your f/e.
> > If it is VB, you can connect to a COM component running under MTS/COM+
> that
> > use a common connect string to connect to the database. The COM
component
> > coudl return the id and password.
> > You could store id and password in the registry which would be slightly
> > harder to find that an INI file.
> > You could store the ID in the registry and create a SQL server password
> for
> > the user that is an encrypted version of the ID (so that you just
encrypt
> > the id to get the password). You must then have your own way of verify
> the
> > password that the user types in.
> >
> > But the easist solution, is to use integrated security; and then the
user
> > will not have to login into your domain and the appl.
> >
> > --
> > Thanks,
> > David Satz
> > Principal Software Engineer
> > Hyperion Solutions
> > ->Using SQL Server 7.0 SP2/6.5 SP5a/Cold Fusion 4.5.1/ADO 2.1/VB 6.0/MTS
> > (Please reply to group only)
> > -----------------------------------------------------------------
> >
> > "steven" <steven_tan@yahoo.com.sg> wrote in message
> > news:3a382c4c$1@news.devx.com...
> > >
> > > Hi,
> > >
> > > Wonder if anyone can help? Currently users are accessing via an
> > application
> > > using the appl ID and Password to connect to the SQL database. The SQL
> > Server
> > > is deployed using standard security. The appl ID and pw is stored
> > encrypted
> > > in an INI file and the appl decypts it and send the ID and Password in
> > clear
> > > to connect to the SQL server.
> > >
> > > Is there any way to store this appl ID and Password encrypted in the
> > database
> > > and still allow the application to connect to the SQL Server?
> >
> >
>
>

[steven]

Many Thanks for both the helpful replies. Happy New Year.



"DaveSatz" <davidsatz@yahoo.com> wrote:
>I did read the question, but was proposing several solutions, including
one
>that stores the password at least in the db:
>"You could store the ID in the registry and create a SQL server password
for
>the user that is an encrypted version of the ID (so that you just encrypt
>the id to get the password). You must then have your own way of verify
the
>password that the user types in."
>
>"D. Patrick Hoerter" <phoerter@NO_SPAMMERS_bellatlantic.NET_net> wrote in
>message news:3a3aee4a@news.devx.com...
>> Dave,
>>
>> I don't believe you read his question. He asked if it was possible
to
>> store that information _in the database_.
>>
>> Since he is already using encryption with an ini file, using the
>> connection string in MTS, or using a registry key, are just more of the
>> same.
>>
>> The answer to his actual question, of course, is 'No'.
>>
>> Regards,
>> D. Patrick Hoerter
>>
>> DaveSatz <davidsatz@yahoo.com> wrote in message
>> news:3a38cfd4$1@news.devx.com...
>> > There are lots of ways, but it depends on your f/e.
>> > If it is VB, you can connect to a COM component running under MTS/COM+
>> that
>> > use a common connect string to connect to the database. The COM
>component
>> > coudl return the id and password.
>> > You could store id and password in the registry which would be slightly
>> > harder to find that an INI file.
>> > You could store the ID in the registry and create a SQL server password
>> for
>> > the user that is an encrypted version of the ID (so that you just
>encrypt
>> > the id to get the password). You must then have your own way of verify
>> the
>> > password that the user types in.
>> >
>> > But the easist solution, is to use integrated security; and then the
>user
>> > will not have to login into your domain and the appl.
>> >
>> > --
>> > Thanks,
>> > David Satz
>> > Principal Software Engineer
>> > Hyperion Solutions
>> > ->Using SQL Server 7.0 SP2/6.5 SP5a/Cold Fusion 4.5.1/ADO 2.1/VB 6.0/MTS
>> > (Please reply to group only)
>> > -----------------------------------------------------------------
>> >
>> > "steven" <steven_tan@yahoo.com.sg> wrote in message
>> > news:3a382c4c$1@news.devx.com...
>> > >
>> > > Hi,
>> > >
>> > > Wonder if anyone can help? Currently users are accessing via an
>> > application
>> > > using the appl ID and Password to connect to the SQL database. The
SQL
>> > Server
>> > > is deployed using standard security. The appl ID and pw is stored
>> > encrypted
>> > > in an INI file and the appl decypts it and send the ID and Password
in
>> > clear
>> > > to connect to the SQL server.
>> > >
>> > > Is there any way to store this appl ID and Password encrypted in the
>> > database
>> > > and still allow the application to connect to the SQL Server?
>> >
>> >
>>
>>
>
>