none
ODBC Details in Registry

    Question

  • Hello,

    I work on an application developed in VC++. The application uses SQL Server as its back-end.
    Recently, our internal security testing team has performed security testing of our application.
    They have raised the following issues:

    1) We have to create an ODBC in order to connect our application to SQL server database.
    When an ODBC is created, its details are stored in the system registry.
    These details include database name, database user name, server name etc. These detials can be visible in registry. Any malicious user can use this information to perform attacks on the system.
    Is there any way we can hide these details so that these cannot be viewed by any user?

    2)When we compile the application using visual studio 2010, the path of the source code files is embedded into the executables. Is there any significance of this path? If not, is there any way we can prevent this?

    Please suggest if there is a solution for the above issues.
    Thanks in advance.

    Wednesday, April 29, 2015 12:02 PM

Answers

All replies