Re: Password security [where is the password] - Mailing list pgsql-odbc

Mon, Jan 22, 2007 at 10:48:15AM -0200, Ezequias Rodrigues da Rocha napsal(a):
> 2007/1/22, Ludek Finstrle <luf@pzkagis.cz>:
> >Mon, Jan 22, 2007 at 09:39:17AM -0200, Ezequias Rodrigues da Rocha
> >napsal(a):
> >> The latest item (FILE) where is it specifically?
> >
> >Hmmm, what OS are you using?
> >I suppose it's Windows. Have you already used "ODBC Data Source
> >Administrator"? If you aren't  let's try it. It's located in
> >Administrative
> >tools (in Control panel). There are some tabpages:
> >1) User DSN (stored in HKCU)
> >2) System DSN (stored in HKLM - you can specify the ACL with regedt32)
> >3) File DSN - you specify the file when you adding the DSN
> >
> >> I must garantee that only admin users can see this password by now. Any
> >> other help
> >
> >You can do it with 2) System DSN with correct registry ACL on the DSN or
> >with 3) File DSN with correct File ACL.
>
> Many acronyms. My clients are Windows. I really don't know how to make this
> work. What is ACL ?

ACL = access control list
file ACL (in explorer mouse right click on file -> Properties -> tab Security)
registry ACL (in regedt32 choose the key and in menu Security -> Permissions)
DSN = ODBC DataSource

Let's run "DataSources (ODBC)" or how is the manager named in Control Panel,
define some DSN (User x System x File) and then let's try change the
ACL for it in registry or in filesystem. Then you can verify it as admin
and normal user.

Feel free to ask more if something doesn't work as you expect.
I hope I give you all informations what you need.

Regards,

Luf

> >> 2007/1/22, Ludek Finstrle < luf@pzkagis.cz>:
> >> >
> >> >> I would like to know where is the password setted on the connection
> >> >Dialog.
> >> >> If it remains after the client shutdown it must be in some place in
> >the
> >> >hard
> >> >> disk. I am afread about it. Can anyone tell me if someone can catch
> >it
> >> >> (hacker) ?
> >> >
> >> >It's stored in registry:
> >> >System DSN:
> >> >HKLM\Software\ODBC\ODBC.INI\<DSN name> in string value Password.
> >> >All the users with access to the computer can read it (don't forgot
> >> >the network registry access).
> >> >
> >> >User DSN:
> >> >HKCU\Software\ODBC\ODBC.INI\<DSN name> in string value Password.
> >> >If everything is properly only the user and Admin can read it.
> >> >
> >> >File DSN:
> >> >in file
> >> >All the users with access to the file can read it.
> >> >
> >> >Regards,
> >> >
> >> >Luf
> >> >
> >> >P.S. The admin could change the default ACL on registry tree.