Re: [libreoffice-users] Re: Base: connecting to a DB without requiring a password
Thanks for the help and pointer! On Tue, Dec 22, 2015 at 5:24 PM, Andreas Sägerwrote: > Am 22.12.2015 um 20:26 schrieb Blake McBride: > > I am trying to build a simple interface app for a user. With 35 years > > experience in software development, I can tell you: > > > > 1. It is customary to password protect a database to prevent > unauthorized > > access. > > > > 2. It is customary for applications that validate a user to have the > > password embedded in the program so that each user doesn't have to know > the > > DB password. > > > > You can store the password in the database document but the GUI does not > offer this option. The database document is zipped XML with no > encryption. If you save the user's database password in the document, > anybody with a zip tool and editor can read it. > > > That is what I am trying to do with Base. (Also, I see no relationship > > between your link and my question.) > > > > As a professional with 35 years experience in software development you > should be able to read. If you had one drink too many, the screenshot > indicates clearly that my tool can store the log-in flag, the user name > and the passord (together with jdbc:hsqldb: connection parameters). > > If you have any problem with code written by hobbyists, you may be > satisfied with this reference: > > > > http://api.libreoffice.org/docs/idl/ref/servicecom_1_1sun_1_1star_1_1sdb_1_1DataSource.html > > which should help you to write your own code storing a password in a > database document. > > > -- > To unsubscribe e-mail to: users+unsubscr...@global.libreoffice.org > Problems? > http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/ > Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette > List archive: http://listarchives.libreoffice.org/global/users/ > All messages sent to this list will be publicly archived and cannot be > deleted > -- To unsubscribe e-mail to: users+unsubscr...@global.libreoffice.org Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/ Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette List archive: http://listarchives.libreoffice.org/global/users/ All messages sent to this list will be publicly archived and cannot be deleted
Re: [libreoffice-users] Re: Base: connecting to a DB without requiring a password
I am trying to build a simple interface app for a user. With 35 years experience in software development, I can tell you: 1. It is customary to password protect a database to prevent unauthorized access. 2. It is customary for applications that validate a user to have the password embedded in the program so that each user doesn't have to know the DB password. That is what I am trying to do with Base. (Also, I see no relationship between your link and my question.) Thanks. Blake McBride On Mon, Dec 21, 2015 at 4:18 PM, Andreas Sägerwrote: > Am 21.12.2015 um 22:47 schrieb Blake McBride: > > What I want is to keep the password on the database but not require user > > entry of it. I have tried a bunch of stuff. I added UserName and > Password > > to the odbc,ini file. I also tried adding "Password=xyz" to Base's > > database properties under ODBC options. I also tried unchecking the > > "Password required" option on Base DB setup. > > > > No matter what I do, it insists on getting a password. > > > > Of course it does. If you are the admininstrator of that database remove > the password from your database account. If not, ask the responsible > admin to do it for you. > > Anyhow: > https://forum.openoffice.org/en/forum/viewtopic.php?f=21=77543 lets > you store the "password required", the user name and the password > _unencrypted_ within the database front-end. It is definitively a > security breach. > Install the oxt and call Tools>Macros>Run>FreeHSQLDB.FreeHSQLDB.Main. > The macro shows a dialog to connect this document with an external > HSQLDB but the upper part with registration and log-in works with all > types of databases. > > > -- > To unsubscribe e-mail to: users+unsubscr...@global.libreoffice.org > Problems? > http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/ > Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette > List archive: http://listarchives.libreoffice.org/global/users/ > All messages sent to this list will be publicly archived and cannot be > deleted > -- To unsubscribe e-mail to: users+unsubscr...@global.libreoffice.org Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/ Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette List archive: http://listarchives.libreoffice.org/global/users/ All messages sent to this list will be publicly archived and cannot be deleted
[libreoffice-users] Re: Base: connecting to a DB without requiring a password
Am 22.12.2015 um 20:26 schrieb Blake McBride: > I am trying to build a simple interface app for a user. With 35 years > experience in software development, I can tell you: > > 1. It is customary to password protect a database to prevent unauthorized > access. > > 2. It is customary for applications that validate a user to have the > password embedded in the program so that each user doesn't have to know the > DB password. > You can store the password in the database document but the GUI does not offer this option. The database document is zipped XML with no encryption. If you save the user's database password in the document, anybody with a zip tool and editor can read it. > That is what I am trying to do with Base. (Also, I see no relationship > between your link and my question.) > As a professional with 35 years experience in software development you should be able to read. If you had one drink too many, the screenshot indicates clearly that my tool can store the log-in flag, the user name and the passord (together with jdbc:hsqldb: connection parameters). If you have any problem with code written by hobbyists, you may be satisfied with this reference: > http://api.libreoffice.org/docs/idl/ref/servicecom_1_1sun_1_1star_1_1sdb_1_1DataSource.html which should help you to write your own code storing a password in a database document. -- To unsubscribe e-mail to: users+unsubscr...@global.libreoffice.org Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/ Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette List archive: http://listarchives.libreoffice.org/global/users/ All messages sent to this list will be publicly archived and cannot be deleted
[libreoffice-users] Re: Base: connecting to a DB without requiring a password
Am 21.12.2015 um 22:47 schrieb Blake McBride: > What I want is to keep the password on the database but not require user > entry of it. I have tried a bunch of stuff. I added UserName and Password > to the odbc,ini file. I also tried adding "Password=xyz" to Base's > database properties under ODBC options. I also tried unchecking the > "Password required" option on Base DB setup. > > No matter what I do, it insists on getting a password. > Of course it does. If you are the admininstrator of that database remove the password from your database account. If not, ask the responsible admin to do it for you. Anyhow: https://forum.openoffice.org/en/forum/viewtopic.php?f=21=77543 lets you store the "password required", the user name and the password _unencrypted_ within the database front-end. It is definitively a security breach. Install the oxt and call Tools>Macros>Run>FreeHSQLDB.FreeHSQLDB.Main. The macro shows a dialog to connect this document with an external HSQLDB but the upper part with registration and log-in works with all types of databases. -- To unsubscribe e-mail to: users+unsubscr...@global.libreoffice.org Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/ Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette List archive: http://listarchives.libreoffice.org/global/users/ All messages sent to this list will be publicly archived and cannot be deleted