I want to hardcode the credentials for connection to an Access database.
My connection string currently looks like
$strConn = "Provider = Microsoft.Jet.OLEDB.4.0;Data Source = $dbName;
And this works fine, but I am prompted to enter a "User Name" and "Password". I have researched Access connection strings, but I can only find one that includes password (not user)
$strConn = "Provider = Microsoft.Jet.OLEDB.4.0; Data Source=c:\App1\Your_Database_Name.mdb; Jet OLEDB:Database Password=Your_Password"
I have tried using this (as well as combinations of user/username/uid etc) but have not found anything that works.
Here is the window that is popping up (service name is automatically populated):
Looks similar to this: Oracle ODBC Driver Connect always asking for password
I believe it has something to do with the Access database being linked to an oracle database. Is this out of my hands?
You can get direct access to a linked table by using its connection string, and filling in the user and password. For Oracle, the connection string structure can vary upon the used provider. View ConnectionStrings.com for a list of options (most likely option is Provider=OraOLEDB.Oracle;Data Source=MyOracleDB;User Id=myUsername; Password=myPassword;).
You can obtain the current connection string for the linked table by querying MSysObjects inside Microsoft Access:
SELECT MSysObjects.Connect
FROM MSysObjects
WHERE MSysObjects.Name="MyLinkedTableName";
You can even change the connection string to include your username and password, if you wanted (see this answer).
However, take note that the one who originally linked the tables in Access, chose not to include a username and password. Including a username and password in an unsecured Access database might pose a security risk.
Also, take note that if you connect directly to the Oracle database, you must reference the table names as defined there, and use the proper SQL variant to query it.
According to the handy reference page ConnectionStrings.com, pass User Id=<username> and Password=<password> like so,
Provider=Microsoft.Jet.OLEDB.4.0;Data Source=C:\mydatabase.mdb;User Id=admin;
Password=Pa$$w0rd;
Related
Hi I have managed to implement container managed authentication in weblogic 12c with an SQLAuthenticator. I am successfully loging in with the users I create in the database when the password setting is set to PLAINTEXT in the provider specific sqlauthenticator settings and the database value is not encrypted.
If I am storing the user's password inside the database using the following code though I cannot login:
String encPass = "{SHA-1}" + new sun.misc.BASE64Encoder()
.encode(java.security.MessageDigest.getInstance("SHA1")
.digest(newUser.getPassword().getBytes()));
By providing the password "weblogic1" this value is stored in the db: {SHA-1}r49g3WeQasgoe6ODQ+5fa4Ic5tk=
In my SQLAuthenticator provider specific settings I have "Plaintext Passwords Enabled" set to false, "Password Style Retained" set to true, Password Algorithm: set to SHA-1.
When I run
request.login(email, password);
It throws the Authentication Failed exception...
What am I doing wrong?
A little late, but I think I can answer this one for you.
From the sound of things, your code was in fact correct, however, as you discovered, your tables were not properly set up.
When configuring your RDBMS authentication, it is assumed that you have three tables in your DB, they are:
users (username, password, description)
groupmembers (group name, group member)
groups (group name, group description)
I expect you were mostly there, but lacking the description column for the "users" and "groups" tables was causing your problems.
You can check out this link from Oracle's online documentation for more info:
https://docs.oracle.com/cd/E21764_01/web.1111/e13707/atn.htm#SECMG195
OK, my code now runs correctly but I don't know why. The only thing I changed is that I added some description columns to my tables and fixed my queries in the provider description accordingly. This shouldn't actually affect the login, just the user creation from the weblogic console which didn't work. Maybe weblogic just needed a few restarts IDK.
I'm trying to link an ODBC database - which I have no control on - in MS Access 2007 using a Machine Data Source - I don't know if that's relevant, from what I got this means that the access is set only on this computer -.
When I follow the wizard I can select the table but when the time comes to link it I get the error message:
The database engine can't find 'WTD.DATAPOINT_5/1000'. Make sure it is a valid parameter or alias name, that it doesn't include characters or punctuation, and that the name isn't too long
I think that the problem is that one of the field is named WTD.DATAPOINT_5/1000 and that Access interprets /as a symbol of its own.
The thing is that I don't even need the data stored in this column. Right now I don't know which way to go.
Find a way to tell Access that the / is part of the field name. (Highly improbable)
Retrieve only some fields from the table using built-in Access functions.
Set the connection manually using vba and retrieving only some of the fiels. If this is the way to go I would like some pointers as I have no idea where to start.
Solution number 2: use a passthrough SQL query.
Everything is explained in this tutorial.
Solution number 3: I tried to connect directly in VBA. The code bellow works like a charm for other tables but I still get an error for the table containing the problematic field.
Dim ConnectionStr As String
ConnectionStr = "ODBC;Driver={Oracle in OraHome92};Dbq=BLA1;Uid=BLA2;Pwd=BLA3;"
DoCmd.TransferDatabase acImport, "ODBC Database", ConnectionStr, acTable, "MyTable", "NewTable"
I have only FTP and MySql access parameters. My client didn't tell me the password to access the dashboard. How could I recovery it?
(I haven't email access, so I can't use the normal recovery and I can't contact my client before next 2 day...)
Copy the password hash of one of your customer (or create a new one) from ps_customers table to the password field of employee in ps_employee table.
PS: pub#prestashop.com customer is created by default, if still exists use that password hash. (Password for this customer is 123456789).
Use any free online MD5 generator like http://www.md5hashgenerator.com
but ecode COOKIE_KEY from settings.inc.php and new Password (with no space).
'COOKIE_KEYNewPassword' example 'bWZbVe5OEq4nwbWZbVe5OEq4nwbVe5OEq4nwnJI2xj8g3nAW1GC1y5KTwMyPassword’
Now cope your new password (MyPassword) to the ps_employee table in your database instead of the old pass.
In your database go and look at the table named PS_employee
While there add a new line with appropriate info and for password use this generator
http://www.md5hashgenerator.com
BR's
(don't forget to accept when this answer helps you )
I've been given a VBcode by my company to work on.
I have an SQL file that I have to run in order to create the tables in my database.
The connection string that I have to open a connection with on my vb.net is the following:
"Provider=SQLOLEDB.1;Integrated Security=SSPI;Persist Security Info=False;Initial Catalog=Test;Data Source=DATOR06"
I need to know what the name of their database is so I can create something similar in my own local PC.
In the connection string Initial Catalog represents the Database name.
in your case "Test" is your database name.
It's under Initial Catalog=Test so in your instance the Database name is Test and the DataSource is DATOR06.
Initial Catalog=Test
Test is the database name, in connection string Initial Catalog represent the db name.
Initial Catalog tells you the name of the database, in this case is Test
I was trying to stress test my system's login unit. My system is designed like this -
if the user enters userid - abcd and password pass then the server takes these parameters and prepares an sql command and fires it to the microsoft database-
select password from UserInformationTable where userid = 'abcd';
The returned value is compared with the given password pass and result is then sent to the client.
I successfully broken into the system using the following method -
user enters userid - <abcd1 or drop table UserInformationTable >. This worked and my complete UserInformationTable got dropped.
Is there any graceful way of handling such a hacking problem. One way is to detect 'or' substring in the userid, but I did not find this very graceful. Is there any way I can restrict the no. of queries in a statement in microsoft sql ?
Thanks and Regards,
Radz
This is the SQL injection problem illustrated by the famous "Bobby Tables" cartoon.
Here is some info on how to fix it for MS SQL. Read especially #Rook's answer.
You have two problems.
You are subject to SQL injection attack as described by other users. Solve that problem by sanitizing your input and/or using parameterized queries.
You should neither store nor transmit plain text passwords. Why? See this story on Slashdot. The solution to this problem is to use one-way encryption to create a password hash to store in the database. When the user tries to log in use the same encryption on the password he or she provides, then search your database to see if a row exists with the same userid and password hash.
Use parameters in SQL queries. They automatically prevent this. Something like this in C#:
SqlCommand comm = new SqlCommand(conn);
comm.CommandText = "SELECT * FROM foo WHERE bar = #id";
comm.CommandType = CommandType.Text;
SqlParameter param = new SqlParameter("#id", DbType.Int64);
param.Value = 3; // The actual value that replaces #id
comm.Parameters.Add(param);
// ...
This not only applies to C#, but basically all modern DB systems and languages support parameterized queries <- google it.
And second, your first query can be changed to:
SELECT userid FROM users WHERE username = 'foo' AND password = 'bar'
Then just count how many rows you got returned, if it's 0, then the user entered the wrong password.