thr3ads.net - R devel - [Rd] Password security problem in RODBC package (PR#9038) [Jun 2006]

If this information is useful, please help other people find it:
Share via:

Twitter
Facebook
Email

bwmoore22 at yahoo.com

2006-Jun-27 22:03 UTC

[Rd] Password security problem in RODBC package (PR#9038)

The RODBC package retains the unencrypted user ID and
password used on the odbcConnect() statement as part
of the database object.  This unencrypted user ID and
password are then saved with the .RData and .RHist
files where they can potentially be discovered by
other users.  

To recreate:

0) R version is 2.2.0 with corresponding download of 
   RODBC package

1) library(RODBC)
  
dbhandle<-odbcConnect("dbname",uid="user",pwd="")

2) display the user ID and password with
   dbhandle

3) Quit
   q()

4) Respond "Y" to the save data prompt

5) Edit the .Rdata file and search for the user name
   and/or the password.

R devel - Jun 2006 - Password security problem in RODBC package (PR#9038)

[Rd] Password security problem in RODBC package (PR#9038)