This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Choose Language Hide Translation Bar
FN
FN
Level VI

How to handle user password information in JSL ( ODBC connection strings )

Created: May 2, 2023 11:35 AM  |  Last Modified: Jun 9, 2023 12:09 PM (1759 views)
I am connecting to a database using ODBC, which has a specific user and password created for that purpose (not possible to use windows Active Directory, or other).

When the query is built, the table script stores the user ID.

Password is asked but it can also be coded directly into the connecting string in JSL.

What are the best options to handle such situations in JSL?

JMP files may be shared but updates should ask for specific user and password when executed for the first time.
0 Kudos
11 REPLIES 11
ih
Super User (Alumni) ih
Super User (Alumni)

Re: How to handle user password information in JSL ( ODBC connection strings )

Oct 6, 2023 12:41 PM (269 views)  |  Posted in reply to message from hogi 10-06-2023

This is part of why I like using the windows credential store: the password just is not available to other users.  Storing the code or files containing those credentials in a place only accessible by select people might have a similar effect.

hogi
hogi
Level XI

Re: How to handle user password information in JSL ( ODBC connection strings )

2 weeks ago (72 views)  |  Posted in reply to message from ih 10-06-2023

How about this:

use Windows AD rights to control the database access:

  • generate a script to access the database - including the access rights for the database
  • encrypt the file in JMP such that no user can see the password in plain text
  • inside the script, try to access a file on a network share with AD access rights
    if a user is allowed to access the file, he can use the database access.
    for a user without access rights, the script will just show the error message

queryDB = Function( {SQLString},
	pwd = Load Text File( "network path with AD rights" );
	If( pwd = "my secret password",
		result = New SQL Query(
			Connection( "ODBC:DSN=database;PWD=xxx" ),
			QueryName( "new" ),
			CustomSQL( SQLString )
		),
		Caption( "no access rights" )
	)	
)
0 Kudos