Results 1 to 2 of 2
  1. #1
    Join Date
    Oct 2006

    Unanswered: Tricking db apps

    Hey guys, my first post so here goes...

    I'm wondering if anyone here knows how to write a program (or download a program) that pretends its a sql server and listens for connections, so that when an app thinks its sending its connection string to a server, its sending it to the locally installed program, so that you can get the UID and password from the connection string.

    I'm working at a company where we need to write an extension to the software we use but we don't know the login to use for it. These programs are horribly designed. If you run it with the net card disabled it dumps the connection string to the screen but of course it has the UID and pass starred out. Any thoughts?

  2. #2
    Join Date
    Feb 2004
    In front of the computer
    Provided Answers: 54
    Just log onto the SQL Server as an administrator and add a new login with a new password, and give the associated new user whatever permissions that it needs. You don't need to worry about using the same user and password that the old application is using, and reusing them will actually confuse issues for you down the road. Trying to intercept the login and password being used both a serious security problem and completely unnecessary.


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts