Re: [libreoffice-users] Re: Base: connecting to a DB without requiring a password

[Blake McBride]

Thanks for the help and pointer!


On Tue, Dec 22, 2015 at 5:24 PM, Andreas Säger  wrote:

> Am 22.12.2015 um 20:26 schrieb Blake McBride:
> > I am trying to build a simple interface app for a user.  With 35 years
> > experience in software development, I can tell you:
> >
> > 1.  It is customary to password protect a database to prevent
> unauthorized
> > access.
> >
> > 2.  It is customary for applications that validate a user to have the
> > password embedded in the program so that each user doesn't have to know
> the
> > DB password.
> >
>
> You can store the password in the database document but the GUI does not
> offer this option. The database document is zipped XML with no
> encryption. If you save the user's database password in the document,
> anybody with a zip tool and editor can read it.
>
> > That is what I am trying to do with Base.  (Also, I see no relationship
> > between your link and my question.)
> >
>
> As a professional with 35 years experience in software development you
> should be able to read. If you had one drink too many, the screenshot
> indicates clearly that my tool can store the log-in flag, the user name
> and the passord (together with jdbc:hsqldb: connection parameters).
>
> If you have any problem with code written by hobbyists, you may be
> satisfied with this reference:
>
> >
> http://api.libreoffice.org/docs/idl/ref/servicecom_1_1sun_1_1star_1_1sdb_1_1DataSource.html
>
> which should help you to write your own code storing a password in a
> database document.
>
>
> --
> To unsubscribe e-mail to: users+unsubscr...@global.libreoffice.org
> Problems?
> http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
> Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
> List archive: http://listarchives.libreoffice.org/global/users/
> All messages sent to this list will be publicly archived and cannot be
> deleted
>

-- 
To unsubscribe e-mail to: users+unsubscr...@global.libreoffice.org
Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://listarchives.libreoffice.org/global/users/
All messages sent to this list will be publicly archived and cannot be deleted

Re: [libreoffice-users] Re: Base: connecting to a DB without requiring a password

[Blake McBride]

I am trying to build a simple interface app for a user.  With 35 years
experience in software development, I can tell you:

1.  It is customary to password protect a database to prevent unauthorized
access.

2.  It is customary for applications that validate a user to have the
password embedded in the program so that each user doesn't have to know the
DB password.

That is what I am trying to do with Base.  (Also, I see no relationship
between your link and my question.)

Thanks.

Blake McBride


On Mon, Dec 21, 2015 at 4:18 PM, Andreas Säger  wrote:

> Am 21.12.2015 um 22:47 schrieb Blake McBride:
> > What I want is to keep the password on the database but not require user
> > entry of it.  I have tried a bunch of stuff.  I added UserName and
> Password
> > to the odbc,ini file.  I also tried adding "Password=xyz" to Base's
> > database properties under ODBC options.  I also tried unchecking the
> > "Password required" option on Base DB setup.
> >
> > No matter what I do, it insists on getting a password.
> >
>
> Of course it does. If you are the admininstrator of that database remove
> the password from your database account. If not, ask the responsible
> admin to do it for you.
>
> Anyhow:
> https://forum.openoffice.org/en/forum/viewtopic.php?f=21=77543 lets
> you store the "password required", the user name and the password
> _unencrypted_ within the database front-end. It is definitively a
> security breach.
> Install the oxt and call Tools>Macros>Run>FreeHSQLDB.FreeHSQLDB.Main.
> The macro shows a dialog to connect this document with an external
> HSQLDB but the upper part with registration and log-in works with all
> types of databases.
>
>
> --
> To unsubscribe e-mail to: users+unsubscr...@global.libreoffice.org
> Problems?
> http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
> Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
> List archive: http://listarchives.libreoffice.org/global/users/
> All messages sent to this list will be publicly archived and cannot be
> deleted
>

-- 
To unsubscribe e-mail to: users+unsubscr...@global.libreoffice.org
Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://listarchives.libreoffice.org/global/users/
All messages sent to this list will be publicly archived and cannot be deleted

[libreoffice-users] Re: Base: connecting to a DB without requiring a password

[Andreas Säger]

Am 22.12.2015 um 20:26 schrieb Blake McBride:
> I am trying to build a simple interface app for a user.  With 35 years
> experience in software development, I can tell you:
> 
> 1.  It is customary to password protect a database to prevent unauthorized
> access.
> 
> 2.  It is customary for applications that validate a user to have the
> password embedded in the program so that each user doesn't have to know the
> DB password.
> 

You can store the password in the database document but the GUI does not
offer this option. The database document is zipped XML with no
encryption. If you save the user's database password in the document,
anybody with a zip tool and editor can read it.

> That is what I am trying to do with Base.  (Also, I see no relationship
> between your link and my question.)
> 

As a professional with 35 years experience in software development you
should be able to read. If you had one drink too many, the screenshot
indicates clearly that my tool can store the log-in flag, the user name
and the passord (together with jdbc:hsqldb: connection parameters).

If you have any problem with code written by hobbyists, you may be
satisfied with this reference:

> http://api.libreoffice.org/docs/idl/ref/servicecom_1_1sun_1_1star_1_1sdb_1_1DataSource.html

which should help you to write your own code storing a password in a
database document.


-- 
To unsubscribe e-mail to: users+unsubscr...@global.libreoffice.org
Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://listarchives.libreoffice.org/global/users/
All messages sent to this list will be publicly archived and cannot be deleted

[libreoffice-users] Re: Base: connecting to a DB without requiring a password

[Andreas Säger]

Am 21.12.2015 um 22:47 schrieb Blake McBride:
> What I want is to keep the password on the database but not require user
> entry of it.  I have tried a bunch of stuff.  I added UserName and Password
> to the odbc,ini file.  I also tried adding "Password=xyz" to Base's
> database properties under ODBC options.  I also tried unchecking the
> "Password required" option on Base DB setup.
> 
> No matter what I do, it insists on getting a password.
> 

Of course it does. If you are the admininstrator of that database remove
the password from your database account. If not, ask the responsible
admin to do it for you.

Anyhow:
https://forum.openoffice.org/en/forum/viewtopic.php?f=21=77543 lets
you store the "password required", the user name and the password
_unencrypted_ within the database front-end. It is definitively a
security breach.
Install the oxt and call Tools>Macros>Run>FreeHSQLDB.FreeHSQLDB.Main.
The macro shows a dialog to connect this document with an external
HSQLDB but the upper part with registration and log-in works with all
types of databases.


-- 
To unsubscribe e-mail to: users+unsubscr...@global.libreoffice.org
Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://listarchives.libreoffice.org/global/users/
All messages sent to this list will be publicly archived and cannot be deleted