[11215] in bugtraq
Re: ms oledb data links
daemon@ATHENA.MIT.EDU (Microsoft Product Security Respons)
Sun Aug 1 01:29:02 1999
Message-Id: <D1A11CCE78ADD111A35500805FD43F58019792BB@RED-MSG-04>
Date: Fri, 30 Jul 1999 10:35:12 -0700
Reply-To: Microsoft Product Security Response Team <secure@MICROSOFT.COM>
From: Microsoft Product Security Response Team <secure@MICROSOFT.COM>
X-To: veiled aspect <veiled_aspect@hotmail.com>,
"ntbugtraq@listserv.ntbugtraq.com"
<ntbugtraq@listserv.ntbugtraq.com>,
"bugtraq@securityfocus.com" <bugtraq@securityfocus.com>
To: BUGTRAQ@SECURITYFOCUS.COM
Sounds like MDAC 2.1 is the solution for this problem. It provides the
ability to enable or disable saving of the password. If password saving is
enabled, a dialogue appears each time that the password is saved, reminding
the user that this is being done.
The registry key that governs this functionality is:
HKEY_CLASSES_ROOT\CLSID\{2206CDB2-19C1-11D1-89E0-00C04FD7A829}\fDPS. Setting
the value to a DWORD of 1 disables password saving.
Regards,
Secure@microsoft.com
>
>-----Original Message-----
>From: veiled aspect [mailto:veiled_aspect@hotmail.com]
>Sent: Wednesday, July 14, 1999 7:33 PM
>To: ntbugtraq@listserv.ntbugtraq.com; bugtraq@securityfocus.com;
>Security - Corporate Security Services
>Subject: ms oledb data links
>
>
>create a data link for OLE DB provider database connections & you'll see
>that MS stores the password for your database acct. in clear text in the
>.udl file. Double-clicking the file opens it with asterisks in the
>password
>
>field, but just open it in notepad for all the world to see.
>
>it's fine if you use Windows NT integrated security.
>
>data links have been around since ADO 2.0.
>
>-tripp
>tripp@pccinc.net
>
>
>_______________________________________________________________
>Get Free Email and Do More On The Web. Visit http://www.msn.com
