`
SQL Related Articles: Turning tracing off 2002-08-11 -- Dan Pressnell & Arnor Baldvinsson If you use a DSN-less connection with ODBC, and tracing is turned on in
win.ini, then the username and password shows up in the trace file.
Only good solution I see for security is when a program is shipped, have this in program startup: If GetIni('cwodbc', 'trace') = 1 Message('Cannot run with tracing on.') Halt() EndI hope somebody can correct me and give a better solution. Dan How about: Before logging into the database: Loc:TraceStatus = GetIni('cwodbc', 'trace') If Loc:TraceStatus = 1 PutIni('cwodbc', 'trace', 0) EndAfter logging into the database: PutIni('cwodbc', 'trace', Loc:TraceStatus)If the username etc. is only showed in the trace during the initial logon, this would probably do it. Put this in before the connect window appears and after it closes. Arnor My testing shows that doesn't work. Apparently the program's logging status is determined only at program startup. Setting the ini entry to zero later doesn't turn off the logging. By the way, maybe .... If GetIni('cwodbc', 'trace') <> 0... might be better. Dan Here is the best solution I've found. Do this when the program starts: If GetIni('cwodbc','trace') <> 0 PutIni('cwodbc', 'trace', 0) Chain(Command(0) & ' ' & Command()) EndDan 22-August-2002 -- Dan Pressnell update While a DSN-less connection with trace turned on will show the connect string in your trace log, if you use PWD= instead of PASSWORD=, the password gets masked. For example: 'driver=some driver;user=someuser;password=mypassword;'... will show the password. But if you use this: 'driver=some driver;user=someuser;PWD=mypassword;'... then the password is masked as "********" in the trace log. Dan Printed November 23, 2024, 3:33 am This article has been viewed/printed 35225 times. Google search has resulted in 22 hits on this article since January 25, 2004. |