|
|
|
Question : Password stored on Sybase (Encrypt/Decrypt) ?
|
|
Hi,
I need to develop password check (encrypt/decrypt) on my procedure.
Basically, I am passing the login/password on MSAccess form, The form will call the password check procedure which I'm going to write on the Sybase.
There many standard I need to follow while developing a code for this.
Can anybody help me on this ? Logic/Code will be highly appreciated.
Thanks
C.M
|
Answer : Password stored on Sybase (Encrypt/Decrypt) ?
|
|
In order to be compliant with C2 level security requirements, and for security in general, all passwords passed to Sybase ASE are encrypted by default. This prevents sniffers and other programs from compromising the security of the database. For additional security, ssl and certicom certificates are supported as well. If you try to roll your own security mechanism, it will be far less secure than what is already available.
Security is provided at the ODBC layer, so there's no need to try to wrap an ODBC connection in additional security. Use a sniffer to look at the packets sent in an authentication session so you can see for yourself.
I would recommend that you synchronize passwords between the Access front end and the Sybase back end and unify the logins. If the user passes a username/password to the application, a connection would be attempted with those credentials to the back end. If that succeeds, the user has rights to the application. If it fails, they do not. It's a simple and secure method that you don't have to waste a lot of time implementing, as the work's already done for you.
Greg
|
|
|
|
|
|
|
