/ Developer Source 18 / Developer Source Volume 18 (I-MODE Publications, Inc.)(2000).iso / dbmsa / sep97 / morgt101.gif
Graphics Interchange Format  |  1998-02-10  |  61KB  |  488x441  |  4-bit (16 colors)
Labels: text | screenshot | font | number
OCR: TABLE 1. Microsoft's claims and Dan Morgan's response.

Microsoft: Applications using NT security do not pass user IDs and passwords across ODBC connections.
Dan Morgan's Response: A thorough testing of the Driver Manager version 3.0 on Windows 95, Windows NT 3.51, and Windows NT 4.0 demonstrated that all of these systems are compromised, revealing user IDs and passwords.

Microsoft: Some applications implement their own security mechanisms on top of ODBC. In this case user IDs and passwords are encrypted before being transmitted via ODBC.
Dan Morgan's Response: The fact that something may be encrypted before being passed to the ODBC Driver Manager does not prevent a malicious person from writing a few lines of Visual Basic code and passing the encrypted password directly to the application's back end!

Microsoft: Applications should prevent tracing of any sensitive commands by setting connection attribute the
Dan Morgan's Response: This argument assumes that the vendor of every ODBC-based application is willing to recompile every preexisting application. Even if newly developed applications toth the tracing facility off, there's no protection for applications already installed and running. Tracing can be completely disabled by leaving SQL_ATTR_TRACE SIF off at wil; This can be done with a single line of Visual Basic code; it can be done by an ActiveX control or a DLL, and it can be done by anycachant physical or network access to a client's machine! You could write an application that starts up and immediately turns tracing off. A completely different process could turn it ont ha compromise the astonst

Microsoft: On Windows 95 or Windows NT the trace DLL odbctrac.dll can simply be deleted.
Dan Morgan's Response: It can also simply be placed back onto the machine. Not only can this be done intentionally; it can be done nadichcostly anichtith: tout warning bysany productienicht durchoshik s office y fthat Finscalls the bat as part of its installation routine

there wah wirhdowsisthand windows $Smasecure d'abo does Itation of the rece options; jot address the factthat it achi es à hand ton chori bonbon ou A nastiout user would have to take extreme mea: ODBC trading's consider the mouse dieeks annointr