sp_password time delay and security risk

[shmiller]

I'm using sp_password in some code to allow users to change their SQL password from my VB App. After a password change is made, I can connect using either the old password or the new password for a short period of time. Does anyone know why this is? Also, is there a security risk in using the ADO connection's .Execute method with a string that has passwords in it?
Here's what I'm doing:

strSQL = "EXEC sp_password '" & strOldPass & "','" & strNewPass & "'"
gcnn.Execute strSQL
'gcnn is my ADO connection

 

[tlbroadbent]

After you close the ADO connection, it is maintained for a short time in case you want to open it again. Therefore, it doesn't need to revalidate the password. I believe that if you set the connection to NOTHING it will close immediately. Terry L. Broadbent
faq183-874 contains some tips and ideas for posting questions in these forums. Please review it and comment if you have time.
NOTE: Reference to the FAQ is part of my signature and is not directed at any individual.