> I am not necessarily talking about passwords for users but about the > password that is used for connecting to the database. In a compiled > language you would have to look pretty hard in a dll to find where the > password had been encoded.
IT would be insanely bad practice to embed the password in the code, compiled or not. (And in fact its very easy to strip all the strings out of a compiled executable - the strings command on unix does exactly that...) BUt the real problem is that if the database gets hacked the database administrator can't change the pasword unless he can also edit the application source code and rebuild it! It is normal practice to have the password stored in a text file (that may be encrypted) and read it on startup of the program, or better still to pass the login details(username and password) in as startup command line parameters. That way the application can access multiple databases etc, or different tablespaces in the same instance etc etc. It's much more flexible and powerful as well as being much more secure. HTH, Alan G Author of the Learn to Program web tutor http://www.freenetpages.co.uk/hp/alan.gauld _______________________________________________ Tutor maillist - Tutor@python.org http://mail.python.org/mailman/listinfo/tutor
