2.0 guide microsoft odbc programmer reference sdk

Microsoft takes security issues seriously and will aggressively address any concerns regarding the use of debugging and troubleshooting tools. Application developers must thoroughly understand the use of ODBC development techniques for developing secure applications. Database system administrators, network security specialists, and troubleshooters for database applications should understand security issues regarding communications protocols, including ODBC and ODBC call tracing.

End users of Microsoft Office and other applications should simply follow the security guidelines outlined for their organizations. This support database is produced by Microsoft Product Support Services and provides information about Microsoft products, including problem reports, troubleshooting tips, fixlists, and general information.

Call tracing enables troubleshooting information to be logged to a file on the client machine. Trace entries are in text format and include parameters such as the connect string.

Some drivers include the user ID and password in this string for authentication on the server. The call tracing feature is off by default.

Under normal circumstances a developer or support technician turns on tracing, runs the application that accesses the database, and then examines the trace file. When tracing is enabled, it causes severe performance degradation and can quickly generate a huge log file.

A malicious user would have to take extreme measures to obtain authentication information using ODBC tracing. First, an assumption is made that applications don't use security methods to encrypt logon information. Then the malicious user must have physical access to the machine, enable call tracing, and wait for a legitimate user to log on to a secured database.

Because they are written primarily to demonstrate ODBC principles, efficiency has sometimes been set aside in the interest of clarity. In addition, whole sections of code have sometimes been omitted for clarity. Emerson, Sandra L. Melton, Jim, and Simon, Alan R. Trimble, J. Harvey, Jr. Gray, J. Stegman, Michael O. Skip to main content.

This browser is no longer supported. Download Microsoft Edge More info. Contents Exit focus mode.