ODBC Security - passwords? - 08-11-2003 , 11:29 AM
I was reading the information on the net regarding ODBC security and
the use of passwords. I have read the article on the Microsoft
website titled "ODBC Security" and unless I misunderstood, it appears
that the tracing issue to expose passwords is NOT a problem for most
drivers, particularly after version 3.0.
I myself have turned on tracing using both the SQL Server ODBC driver
(v2000.81.9030.04) and the Microsoft ODBC for Oracle driver
(v2.573.9030.00) and noticed that neither one of these drivers expose
the password. So my question is what is all the fuss? A recent IT
guy at one of our client sites was adamant that the application
presented a security risk because it used ODBC and therefore,
potentially exposed the database password. I understand that I can
modify my application to use windows authentication, at least for SQL
Server but what is the motivation - more security against network
sniffing? Any help would be appreciated. Thanks.