Better way to hide Access Password 3

[ZOR]

Is there a better way to hide a password in code?

Set DB = WS.OpenDatabase(TRY3, True, False, ";pwd=SECRET")

Looks a bit obvious to say the least. I tried putting a string in place of Secret, but could not find the correct way.

Many thanks

 

[Swi]

You could use a variable but you still need to assign it's value at some point in the code.

Dim Password As String
Password = "SECRET"
Set DB = WS.OpenDatabase(TRY3, True, False, ";pwd=" & Password)

Swi

 

[ZOR]

Many thanks Swi. Seems unbelievable MS can't seem to give any thought to security during development of applications. No wonder it all gets hacked. Have a star anyway, as I had tried all variations I thought on the code. Regards

 

[Swi]

You could also have the password saved in a text file in the app path and have it encrypted and then read the text file and decrypt it when accessing the database. I agree, MS should have taken this into consideration.

Swi

 

[DrJavaJoe]

using
Password = "SECRET"
Compile and open the exe in notepad and search for "S E C R E T"

Now do this and try it again

Password = Chr(83) & Chr(69) & Chr(67) & Chr(82) & Chr(69) & Chr(84)


Two strings walk into a bar. The first string says to the bartender: 'Bartender, I'll have a beer. u.5n$x5t?*&4ru!2[sACC~ErJ'. The second string says: 'Pardon my friend, he isn't NULL terminated'.

 

[ZOR]

Thanks both. DrJavaJoe I will adopt that method. Have a star and thanks, tried earlier but site up/down. How do I hide the word "Password"? (only joking) Its bad enough having "pwd", what clever megabuck earner put that in?. Thanks again

 

[ZOR]

Sorry DrJavaJoe. You deserved a star here but the site went down last night. Regards

 

[CassandraR]

Some suggestions, if I may:

1. Don't use easily recognizable text, such as "SECRET". Use random characters, with random capitalization.

2. Don't just assign the password. Calculate the password. For example:

    ' In the procedure used:
    strPassword = "KqaOrI6"
    Call BuildPWD(strPassword)

   . . .

    ' In BuildPWD procedure, add:
Private Sub BuildPWD(ByRef strPW as String)
    strPW = strPW & Chr(34 + 27)
    strPW = strPW & Chr(15 * 6)
    ' et cetera
End Sub

You get the picture, right? Searching the exe file will not reveal password, since the password is not compiled as text.

Cassandra

 

[ZOR]

Thanks Cassandra. I will use DrJaveJoe's example wrapped up as your suggestion. Just a shame that ";pwd=" exists as a real pointer to a hacker. Anyway I have encrypted the Access DB, just hope that keeps everything out of sight. Have a star, thanks again

 

[CassandraR]

Glad to be of service, Zor. You are welcome.

Thanks for the star!!

Cassandra

 

[MatDavies]

I normally keep passwords in the registry, I encrypt them first.

Hard coding the password makes it harder to change should someone discover it, also but not storing it in the exe it doesn't matter that "PWD=" exists, as you will be using a variable anyway. The only place a hacker can find it is to look in the reg and try to decrypt it. Even then you don't have to use a reg key of PASSWORD, you could call it anything you like.

regards

Matt

If you can keep your head while those around you are losing theirs, you obviously haven't grasped the seriousness of the situation