Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.misc -> ODBC Security Terminated By Microsoft

ODBC Security Terminated By Microsoft

From: Daniel A. Morgan <dmorgan_at_exesolutions.com>
Date: 1997/04/10
Message-ID: <334DBFC8.2F34@exesolutions.com>#1/1

I put this information here with mixed feelings but will trust that those of you who visit this group are professionals who will not abuse this knowledge.

Microsoft, in its new release of ODBC (version 3), the one being distributed with Office '97 has knowingly compromised security for all ODBC systems on machines where Microsoft's ODBC manager is installed. This fact is clearly stated in the help system. We have tested it thoroughly and determined that it is easy to read user id and password from any machine to which someone can gain physical access, network access, or internet access.

If you have a database using ODBC, and you or your company need to have this data secure from internal and/or external exposure you MUST NOT allow any product on premises with the new ODBC manager or MUST rewrite the product to use Oracle Forms or Delphi or some other product that does not require ODBC.

My understanding is that this has been done intentionally so that Microsoft can force its data encryption scheme on the world.

Daniel A. Morgan Received on Thu Apr 10 1997 - 00:00:00 CDT

Original text of this message

HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US