DSNs and Security

Results 1 to 2 of 2

Thread: DSNs and Security

  1. #1
    Join Date
    Dec 1969

    Default DSNs and Security

    Is it possible for someone to "sniff" the hard coded DSN/userid/password when someone does a ConnObj.Open (ADODB)? I&#039;m trying to finish up a security assessment of a web app that uses SSL for the .asp, but was asked this question in a meeting and didn&#039;t have a clue.<BR><BR>Also, can an account be compromised logging into one Oracle server from another Oracle server (again via sniffer, or any other way)? My concern is with the hard-coded dsn accounts that the webserver uses to talk to the backend database.

  2. #2
    Join Date
    Dec 1969

    Default RE: DSNs and Security

    Are you talking about the communication between web servers and databases servers? Sure....In theory. However, in practice, it&#039;s a pretty difficult task...And it becomes much harder in, say, a switched environment. <BR><BR>The bottom line is....If someone has gained the required level of network access to sniff packets being passed between your servers, you have much, much worse problems than losing a DSN password.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts