• You are here:  
  • Home
  • Q&A
  • Q&A
  • PowerBuilder
  • What is the best secured way to call sp_approle from Power Builder

Subscribe via RSS
Toggle Submenu
  1. Categories
  2. Recent
  3. Tags
View Replies (2)

Resolved What is the best secured way to call sp_approle from Power Builder

  1. How-to
0
Votes
Undo
  1. Suresh Kolanu
    Suresh Kolanu
  2. PowerBuilder
  3. Wednesday, 17 March 2021 16:39 PM UTC

Dear Appeon Team,

We are using MS SQL Application role in our Power Builder Desktop application, and the SP sp_setapprole called through power builder code by passing Role name and Password.

We have an security issue here as the password is hard-coded in the power builder code to enable Application Role for currently logged-in user. As per security standards, the passwords should NOT be hard-coded or stored in config/INI files or SQL tables. We would like to know the best way to secure the password in Power Builder application.

Thank you,

Suresh

Reports crashing in Windows Server 2016
Changemenu
Responses (2)
Olan Knight
Olan Knight Accepted Answer Pending Moderation
  1. Wednesday, 17 March 2021 19:44 PM UTC
  2. PowerBuilder
  3. # 1

There are several ways to store passwords securely.

One of my favorites is to ENCODE the password, store it in the database, then when I need it I retrieve the password, DECODE it, and use the decoded pwd in the transaction object.


Later -

Olan

Comment
Suresh Kolanu
  1. Suresh Kolanu
  2. Wednesday, 5 May 2021 12:34 PM UTC
Hi Olan,

Can you please let me know which encryption algorithm (ex: SHA1, MD5 or ???, etc..) is more secure for encryption and description for protecting the password. As you suggested, we are trying to see if this can be implemented in Power Builder code.

Also, would you mind providing sample code for for encryption and decryption, or reference link for the same?

Appreciate your help in this regard !!!.



Thank you,

Suresh
  1. Helpful
Olan Knight
  1. Olan Knight
  2. Thursday, 6 May 2021 14:15 PM UTC
https://www.geeksforgeeks.org/difference-between-md5-and-sha1/



Note that I'm not an encryption expert. I believe Roland has a free example of encryption and decryption on his TOPWIZ website.

https://www.topwizprogramming.com/freecode.html

  1. Helpful
There are no comments made yet.
Chris Pollach @Appeon
Chris Pollach @Appeon Accepted Answer Pending Moderation
  1. Thursday, 18 March 2021 17:43 PM UTC
  2. PowerBuilder
  3. # 2

Hi Suresh;

   FWIW: I was always told (and still am) by EDP Auditors that storing the App / DB / Web Service / etc passwords locally is not an issue as long as they are fully and one-way encrypted. Food for thought.

Regards ... Chris

Comment
There are no comments made yet.
  • Page :
  • 1


There are no replies made for this question yet.
However, you are not allowed to reply to this question.