General discussion

Locked

Oracle8i SQL Scripts

By parier ·
I have a very large Oracle DB. I have a group that requires many custom queries that I do not want them poking around the DB at all and do not want to put out the money for 20 showCase licenses or any think like it. All users require (and have) Oracle client and they can use Plus80 to hit queries (using scripts similiar to below). I have created the queries and they all open on the users PC that runs them. This is how the scripts are created.

1. Create the SQL
SELECT
FROM
HAVING
GROUP BY
HEADER HEADER...................etc
This genereated a report to local 'C' and opens it in notepad.
2. Now there is a *.BAT file with the following command:
plus80 user/password@TEST @script.sql

Trying to make things more secure, how can I "compile" these two files together so the user cannot see the 'guts' (username password, connect string, etc)? I have VB6.0 Enterprise Edition but I'm not familiar with it, points offered are for hints that lead to the answer, definate resolution will double points. Additional ideas can be sent to BOTH eparisek@mtga.com and xmenx10@hotmail.com

Thank you,
Eric

This conversation is currently closed to new comments.

6 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Oracle8i SQL Scripts

by TimTheToolMan In reply to Oracle8i SQL Scripts

Hi,

Its even easier than using VB6... On the following site are two utilities that will be helpful to you...

BAT2COM or BAT2EXE

Either of these utilities directly converts a bat file into an executable!

http://home.wanadoo.nl/source/
(remove spaces from the above URL)

BUT... and this applies to the above solution or a VB executable... There is another utility called "strings" which will take an executable and pull out all the "Strings" in it, thus revealing the password.

I suggest you alter the bat file something like the following.

set a=p
set b=a
set c=s
set d=w
set e=o
set f=r
set g=d
set pwd=%a%%b%%c%%c%%d%%e%%f%%g%

...to break up the password "string" and make it unrecognisable - without reeeally trying hard, anyway!

Hope this helps,
Cheers,
Tim.

Collapse -

Oracle8i SQL Scripts

by TimTheToolMan In reply to Oracle8i SQL Scripts

Oh... And to secure the SQL source itself... I'd probably put it inline.

Maybe something like.

if exist c:\temp\temp.sql delete c:\temp\temp.sql

echo "sql statement1" >> c:\temp\temp.sql
echo "sql statement2" >> c:\temp\temp.sql
etc

set a=p
set b=a
set c=s
set d=w
set e=o
set f=r
set g=d
set pwd=%a%%b%%c%%c%%d%%e%%f%%g%

plus80 user/%pwd% @c:\temp\temp.sql

if exist c:\temp\temp.sql delete c:\temp\temp.sql

That should be safe enough.

Cheers,
Tim.

Collapse -

Oracle8i SQL Scripts

by parier In reply to Oracle8i SQL Scripts

The question was auto-closed by TechRepublic

Collapse -

Oracle8i SQL Scripts

by RRV In reply to Oracle8i SQL Scripts

I think it is quite simple if you know VB6. Use the latest MDAC 2.7. Also use connection string instead of dsn. Do not use username and password. For example, to connect to AS400 DB/2 i would use the below 2 VB6 code.
dim DB400 as new ADODB.Connection
DB400.Open "Provider=IBMDA400;Data Source=ServerName"
In this case username and password security box automatically comes. do u dont need to worry about that. Next to execute a query use the below 4 lines.
dim RS400 as new ADODB.Recordset
dimsSql as string
sSql="SELECT FROM HAVING GROUP BY HEADER HEADER..etc"
RS400.Open sSql, DB400, adOpenForwardOnly, adLockReadOnly, adFldIsNullable
This code should be enough to handle your security issues provided you can write and maintain connection provider strings in VB like above. All the best.

Collapse -

Oracle8i SQL Scripts

by parier In reply to Oracle8i SQL Scripts

The question was auto-closed by TechRepublic

Collapse -

Oracle8i SQL Scripts

by parier In reply to Oracle8i SQL Scripts

This question was auto closed due to inactivity

Back to Web Development Forum
6 total posts (Page 1 of 1)  

Related Forums