Any way to use TMyConnection without hardcoded password?

Discussion of open issues, suggestions and bugs regarding MyDAC (Data Access Components for MySQL) for Delphi, C++Builder, Lazarus (and FPC)
Post Reply
nelson
Posts: 7
Joined: Sun 02 Mar 2008 22:52

Any way to use TMyConnection without hardcoded password?

Post by nelson » Tue 19 Aug 2008 13:05

hello Devart

is there any way to use the TMyConnection without writing the password into the code? i already decrypt the login information with blowfish, using SSL and protecting my application with an protection tool. but what, if a very good cracker gets anyway the password of the MySQL database?

is there any other way to get a connection ressource to assign it to the TMyConnection, like over http (php) or any other thing, that i don't need to write the login information into the code?

if not: how secure is the password crypt from MyDAC? when will the password be encrypted on sening to the server?

thanks in any help 8)
Top
eduardosic
Posts: 387
Joined: Fri 18 Nov 2005 00:26
Location: Brazil

Re: Any way to use TMyConnection without hardcoded password?

Post by eduardosic » Tue 19 Aug 2008 16:23

nelson wrote:hello Devart

is there any way to use the TMyConnection without writing the password into the code? i already decrypt the login information with blowfish, using SSL and protecting my application with an protection tool. but what, if a very good cracker gets anyway the password of the MySQL database?

is there any other way to get a connection ressource to assign it to the TMyConnection, like over http (php) or any other thing, that i don't need to write the login information into the code?

if not: how secure is the password crypt from MyDAC? when will the password be encrypted on sening to the server?

thanks in any help 8)
Hi Nelson!

you can try
MyConnection.PassWord := Chr( 65 ) + Chr( 66 );
if you password is 'ab' don't write ab in code.. make a string with ascii.

or

you can generate a encripted string with you function and decript in run time:

ex: 'mypass' > with you encript function result 'x48%¨&7'

you can use:

MyConnection.PassWord := youDecriptFunction( 'x48%¨&7' );

ok?
Top
Dimon
Devart Team
Posts: 2910
Joined: Mon 05 Mar 2007 16:32

Re: Any way to use TMyConnection without hardcoded password?

Post by Dimon » Wed 20 Aug 2008 14:33

nelson wrote:if not: how secure is the password crypt from MyDAC? when will the password be encrypted on sening to the server?
If you input a user password in design time, MyDAC won't keep it in encrypted format - just in plain form. Therefore the best way is to input the password in connection dialog on start up application.
MyDAC does not send password to the MySQL server, it only hashes the password for security ensuring.
Top
nelson
Posts: 7
Joined: Sun 02 Mar 2008 22:52

Post by nelson » Wed 20 Aug 2008 15:25

okay, thank you guys 8)
Top
Post Reply

Return to “MySQL Data Access Components”