three_sixteen
Gawd
- Joined
- Feb 15, 2002
- Messages
- 1,003
Hey guys, I'm looking for some advice here. I'm writing a program that interfaces with a remote SQL database. I wanted to know how you guys would securely pass along SQL commands to the server. I don't know how to go about sending the user password securely so it can't be snooped with a packet sniffer when people execute functions within the program.
My fear is that it's being passed in plain text.
How, also, would you pass information securely within the program so it can't be modified in memory?
This is probably a very wide scope problem, so I appreciate any response.
My fear is that it's being passed in plain text.
How, also, would you pass information securely within the program so it can't be modified in memory?
This is probably a very wide scope problem, so I appreciate any response.
Code:
ReadOnly connectionString As String = "server=server; user id=user; password=password; database=database"
Public Function userLogin(ByVal sender As System.Object, ByVal u As String, ByVal p As String) As String
db.ConnectionString = connectionString
Try
db.Open()
query.Connection = db
query.CommandText = "SELECT username FROM authors WHERE password = MD5('" & p & "')"
userName = query.ExecuteScalar
db.Close()
db.Dispose()
Return userName
Catch myerror As MySqlException
MessageBox.Show("Error Connecting to Database: " & myerror.Message)
db.Dispose()
Return False
End Try
End Function