Plex 2E

  • Private Community
 View Only

 Security risk with ODBC credentials

Klaus Lichte's profile image
Klaus Lichte posted Mar 25, 2026 07:48 AM
Hello again,
we use our WinC Plex application with the latest Sybase Anywhere database, version 17. The connection is established via the ODBC driver.
 
For this connection, we have stored both the username and password in the data source. All users currently use the same credentials for ODBC access to the database.
 
Since this approach no longer meets the security requirements of a potential client, we need a solution where the Plex application can log in to the ODBC source itself with the appropriate credentials, without storing these credentials in the data source. Additionally, it should be possible to avoid having to store the same ODBC access credentials for every user. The credentials must also not be stored on the system or visible in plain text in a DLL. We envision a kind of secure vault that our application can access.
... To make matters worse, the Office applications Word, Excel, and Access also connect to the database via ODBC, and we currently see no way for these applications to log in to the ODBC source without storing the access credentials in the data source itself. It might be necessary to connect to the database using macros. However, these macros must be properly protected to prevent anyone from viewing the connection details.
 
That's a brief description of a big challenge!
 
Thank you in advance for your suggestions.
 
Klaus
ANDY MCKINNELL's profile image
ANDY MCKINNELL posted Mar 26, 2026 02:33 PM

Don't know all the moving pieces for this but you may be able to use kerberos.

https://infocenter.sybase.com/help/index.jsp?topic=/com.sybase.help.sqlanywhere.11.0.0/dbadmin_en11/connect-s-5633328.html

Klaus Lichte's profile image
Klaus Lichte posted Mar 31, 2026 11:01 AM

Hello Andy,

thank you very much for your answer!!!

We decided to use Sybase's integrated login. Additionally, we created a custom login procedure in the database that grants access only to specific programs ("w.h.i.t.e.l.i.s.t"). So far, we have found a solution that meets our requirements.

Best regards
Klaus