I have this connection string in library to connect to sql server.
Function db()
connectionnameDev = "Description=connect to hh dev;DRIVER=ODBC Driver 13 for SQL Server;SERVER=xxx;UID=xxx;PWD=#xxx%;Trusted_Connection=No;APP=UFTBase;WSID=L-XP9550-xxx;"
Set objConnection = CreateObject("ADODB.Connection")
Set objRecordSet = CreateObject("ADODB.Recordset")
objConnection.Open connectionnameDev
End Function
This library is shared across the team. Now, everyone has access to the credentials. Each person has own database credentials. When they run scripts, they should run with their own credentials. What would be the correct approach to protect the database credentials so each person can run scripts with their own credentials?
If this is part of a framework, here's one idea we used in one of the teams I worked at. Our framework loaded multiple function libraries from ALM, but there was one function library that was always locally referenced, called "Load_myCredentials.qfl".
Each team member can have their credentials saved as global parameters/variables in a qfl file in their local C: drive, and the framework can just load this as a function library. Then the password becomes available throughout the test, yet the password does not become visible in any results. All you have to do is change the first line of your function db(), and parameterize the password part.
Related
I'm trying to take names of all windows user accounts. my code is working but it prints unnecessary user account also,
here is the code I'm using,
Dim query As New SelectQuery("Win32_UserAccount")
Dim searcher As New ManagementObjectSearcher(query)
For Each envVar As ManagementObject In searcher.[Get]()
Console.WriteLine(envVar("Name"))
Next
Output:
Administrator
DefaultAccount
Guest
Sam
WDAGUtilityAccount
Sam is the only user account I created on this PC. I can assume Administrator and Guest accounts come as default with windows. But DefaultAccount and WDAGUtilityAccount accounts are extremely unnecessary for printing in here. How can I prevent those unnecessary accounts printing from this code
As the Jimi's suggestion, I have updated my code by using Disabled property.
Win32_UserAccount class
Dim query As New SelectQuery("Win32_UserAccount")
Dim searcher As New ManagementObjectSearcher(query)
For Each envVar As ManagementObject In searcher.[Get]()
If Not envVar("Disabled").ToString.ToUpper.Equals("TRUE") Then
Console.WriteLine(envVar("Name"))
End If
Next
I have the following scenario:
Server A:abpWeb;
Server B:abpWeb;
A and B are based on MyCompanyName.AbpZero template, abp. Net core version 3.1.1;aspnetboilerplate
Browser access A:abpWeb and B:abpWeb. But after logging in, cookie shared is invalid.
A:User.Identity?.IsAuthenticated equals true after Browser access A:Login;
But refresh B:/index on the browser,B:User.Identity?.IsAuthenticated equals false;
The same browser domain for A and B is the same.
I created two new ASP.NET Core 2.0 MVC apps with ASP.NET Core Identity, using AddDataProtection for the normal shared cookie is ok.
I referred to:
https://learn.microsoft.com/en-us/aspnet/core/security/cookie-sharing?tabs=aspnetcore2x
I am searching for a long time on net. But no use. Please help or try to give some ideas how to achieve this.
Thanks in advance.
The keys that encrypt/decrypt your cookies are probably trying to be written to an invalid folder.
By default AddDataProtection tries to write these keys to:
%LOCALAPPDATA%\ASP.NET\DataProtection-Keys
As long as there is an environment variable being used to create the keys path, you will need to set the following config file setting to true.
Please also see my other answer here:
IIS - AddDataProtection PersistKeysToFileSystem not creating
Fix: Within %WINDIR%\System32\inetsrv\config\applicationHost.config set setProfileEnvironment=true. I think you have to restart IIS as well.
I think this is old question but I need to detail my case.
I use the command Set objAcad = GetObject(, "AutoCAD.Application") to call AutoCAD and get error as above.
But this command worked well when PC has admin user but for some security reasons, this right is removed. User only use standard (domain) user.
Only AutoCAD 2006,2007,2008,2009 got this issue. It works on AutoCAD 2015(even domain user).
I used win7 64bit.
Thanks for any support.
Try passing an empty string instead of nothing as the first parameter, i.e.
Set objAcad = GetObject("", "AutoCAD.Application")
According to this reference there is a difference. In your example, if an instance does not already exist, it will return an error, but with the empty string, it will create a new instance (like CreateObject()
I'm using some Excel files like databases.
Those files are read by a VBA code that extract data from it.
For example I've created an Excel file containing logins and password to build an authentification system.
What I would like to do now is to limit access to those files so that only my code can access/modify them.
Safeguards:
Hide the window when reading, at the end of the sub close the workbook.
Password protect the workbook, its VBE with a separate password.
Password protect the sub that calls the workbook (containing the password as plain text).
Events to every possible occasion to close the workbook if accessed manually.
If someone only needs to read it, a query can be set up on the fly then disconnected ASAP.
Make sure you double- and triplecheck whether you can use alternatives, Excel is not safe.
Instead of using Excel to store passwords, you can test who is currently logged in to windows via curr_user=Environ("USERNAME") in VBA.
This pushes the authentication to Windows and you don't have to store passwords. Then you just need to look up the curr_user on a list of authorized users, which is better than storing a list of users and passwords. #user3819867 's suggestions would still apply to this 'user list', just as it would to a 'user and password' list.
Only trade-off is that you couldn't run the Excel database on someone else's computer, but that might be a reasonable compromise compared to the alternative.
I am using CR 2008. That version allows the use dynamic parameters instead of static parameter. Using that type of parameter will direct CR to go inside the table/view and display what is resided inside the database for us to select the data/information for filtering. That is nice and convenient feature but each time I run the report, I was prompted with server name, user name and password. The user name is the name of the schema and its related password. Those credentials are not supposed to be disclosed to users.
Have anyone come across the same issue and how do you stop CR report from asking for these credentials? It did not ask when I switch to static parameters... the prompt only shows up when dynamic parameters are used.
Thanks!
I finally found a way to get around this issue. In my Crystal report, I used SQL statement in the command for easy future maintenance. I think using command triggers the prompt for user name and password when dynamic parameters is used. I switched to use views for my reports and CR stopped asking me for the credentials. I still favor using commands instead of views though and still curious if there is a way to stop CR from prompting for credential in dynamic parameters when command is used.
Are facing this issue in CR tool or in any other environment which is used to view the report.