Devart Forums

Discussion forums for open issues and questions concerning database tools, data access components and developer tools from Devart
https://forums.devart.com/

Any way to use TMyConnection without hardcoded password?

https://forums.devart.com/viewtopic.php?f=7&t=12700

Page 1 of 1

Any way to use TMyConnection without hardcoded password?

Posted: Tue 19 Aug 2008 13:05
by nelson
hello Devart

is there any way to use the TMyConnection without writing the password into the code? i already decrypt the login information with blowfish, using SSL and protecting my application with an protection tool. but what, if a very good cracker gets anyway the password of the MySQL database?

is there any other way to get a connection ressource to assign it to the TMyConnection, like over http (php) or any other thing, that i don't need to write the login information into the code?

if not: how secure is the password crypt from MyDAC? when will the password be encrypted on sening to the server?

thanks in any help 8)

Re: Any way to use TMyConnection without hardcoded password?

Posted: Tue 19 Aug 2008 16:23
by eduardosic
nelson wrote:hello Devart

is there any way to use the TMyConnection without writing the password into the code? i already decrypt the login information with blowfish, using SSL and protecting my application with an protection tool. but what, if a very good cracker gets anyway the password of the MySQL database?

is there any other way to get a connection ressource to assign it to the TMyConnection, like over http (php) or any other thing, that i don't need to write the login information into the code?

if not: how secure is the password crypt from MyDAC? when will the password be encrypted on sening to the server?

thanks in any help 8)
Hi Nelson!

you can try
MyConnection.PassWord := Chr( 65 ) + Chr( 66 );
if you password is 'ab' don't write ab in code.. make a string with ascii.

or

you can generate a encripted string with you function and decript in run time:

ex: 'mypass' > with you encript function result 'x48%¨&7'

you can use:

MyConnection.PassWord := youDecriptFunction( 'x48%¨&7' );

ok?

Re: Any way to use TMyConnection without hardcoded password?

Posted: Wed 20 Aug 2008 14:33
by Dimon
nelson wrote:if not: how secure is the password crypt from MyDAC? when will the password be encrypted on sening to the server?
If you input a user password in design time, MyDAC won't keep it in encrypted format - just in plain form. Therefore the best way is to input the password in connection dialog on start up application.
MyDAC does not send password to the MySQL server, it only hashes the password for security ensuring.

Posted: Wed 20 Aug 2008 15:25
by nelson
okay, thank you guys 8)
All times are UTC
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/