` Printed Icetips Article

Icetips Article



SQL Related Articles: Turning tracing off
2002-08-11 -- Dan Pressnell & Arnor Baldvinsson
 
If you use a DSN-less connection with ODBC, and tracing is turned on in win.ini, then the username and password shows up in the trace file.
 
Only good solution I see for security is when a program is shipped, have this in program startup:
If GetIni('cwodbc', 'trace') = 1
  Message('Cannot run with tracing on.')
  Halt()
End
I hope somebody can correct me and give a better solution.
 
Dan
How about:
 
Before logging into the database:
Loc:TraceStatus = GetIni('cwodbc', 'trace')
If Loc:TraceStatus = 1
  PutIni('cwodbc', 'trace', 0)
End
After logging into the database:
PutIni('cwodbc', 'trace', Loc:TraceStatus)
If the username etc. is only showed in the trace during the initial logon, this would probably do it. Put this in before the connect window appears and after it closes.
 
Arnor
My testing shows that doesn't work. Apparently the program's logging status is determined only at program startup. Setting the ini entry to zero later doesn't turn off the logging.
 
By the way, maybe ....
If GetIni('cwodbc', 'trace') <> 0
... might be better.
 
Dan
Here is the best solution I've found. Do this when the program starts:
  If GetIni('cwodbc','trace') <> 0
    PutIni('cwodbc', 'trace', 0)
    Chain(Command(0) & ' ' & Command())
  End
Dan


 
While a DSN-less connection with trace turned on will show the connect string in your trace log, if you use PWD= instead of PASSWORD=, the password gets masked. For example:
'driver=some driver;user=someuser;password=mypassword;'
... will show the password. But if you use this:
'driver=some driver;user=someuser;PWD=mypassword;'
... then the password is masked as "********" in the trace log. Dan



Printed November 23, 2024, 3:33 am
This article has been viewed/printed 35225 times.
Google search has resulted in 22 hits on this article since January 25, 2004.