Обсуждение: ODBC Security Concerns

Поиск
Список
Период
Сортировка

ODBC Security Concerns

От
jeam@themail.com
Дата:
Hi,

Don't know the security options of the ODBC driver, so I have this questions:

1.-By checking the CommLog box on the driver, 'psqlodb.log' is created with the password listed there. So some clever
usercan just go and tamper with the driver and he'll find a way into the database. 
Can this be prevented?

2.- Inside pg_hba.conf, in the record type "host" lines, the USERAUTH options are 'trust','reject','password', etc.
Is it possible to use the 'crypt' option when connecting via ODBC? What are the proper steps to accomplish this?

Many thanks in advance,

Jorge.
__________________________________________________________________
Make A Buck Or Two @ TheMail.com - Free Internet Email
Sign-up today at http://www.themail.com/ref.htm?ref=908313

Re: ODBC Security Concerns

От
Carolyn Lu Wong
Дата:
> 1.-By checking the CommLog box on the driver, 'psqlodb.log' is created with the password listed there. So some clever
usercan just go and tamper with the driver and he'll find a way into the database.
 
> Can this be prevented?

When configuring the ODBC driver, do not fill in the database, server,
username, password fields and uncheck the log option (I can't remember
the exact name for this). Setup the database connection string in your
program.

Hope this helps.

> 
> 2.- Inside pg_hba.conf, in the record type "host" lines, the USERAUTH options are 'trust','reject','password', etc.
> Is it possible to use the 'crypt' option when connecting via ODBC? What are the proper steps to accomplish this?
> 

I'd like to know the answer to this one too.