MySQL Forums
Forum List  »  Connector/ODBC

Re: ODBC connector and credentials encryption
Posted by: Bogdan Degtyariov
Date: February 26, 2017 09:37PM

Hi Mike,

The DSN which contains the connection credentials is maintained by the ODBC Driver Manager.
In case of Windows the ODBC Driver Manager is built into the OS and all your connection parameters are stored in the registry as plain text.
This means that the user and the password are stored un-encrypted by the system.

You can check this in regedit.exe the following path:

Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ODBC\ODBC.INI\<MY_DSN_NAME>

I assume the 64-bit version of Windows and 32-bit version of ODBC Driver.
Wow6432Node should be removed from the path if both Windows and the ODBC driver are 64-bit or both Windows and the ODBC driver are 32-bit.

However, at the connection time the password is not transmitted over the network as plain text. It is hashed using secure_auth method.
This works even for connections that are not SSL-encrypted.
In other words, intercepting packets for such connection by 3rd party will not expose the password, but other data (such as queries and results) can be easily recovered.

SSL ensures that ALL communication between the client and the server cannot be read without having the encryption keys.

In Connector/ODBC 5.1 the SSL is not enabled by default. If you need the SSL to be the default option you should use Connector/ODBC 5.3.7.
Thanks.

--
Best regards,
Bogdan Degtyariov

Options: ReplyQuote


Subject
Written By
Posted
Re: ODBC connector and credentials encryption
February 26, 2017 09:37PM


Sorry, you can't reply to this topic. It has been closed.

Content reproduced on this site is the property of the respective copyright holders. It is not reviewed in advance by Oracle and does not necessarily represent the opinion of Oracle or any other party.