Application Security Testing: An Integral Part of DevOps
To create a DSN at run time you could use the SQLConfigDataSource API. Internally this information is stored in the registry. The syntax is attached below
SQLConfigDataSource(NULL,ODBC_ADD_DSN,"Microsoft Access Driver (*.mdb)\0","DSN=TestDB\0DBQ=D:\\Database\\Friends.mdb\0DEFAULTDIR=D:\\DATABASE\0\0");
As a workaround you have to use the below mentioned code.
The following code places : where a /0 is expected and there is a loop which replaces a ":" with "/0". You will not be in a position to use sprintf because, when it encounters a /0 it assumes it is the end of the string and ignores the rest of the data.
sprintf(szDesc,"DSN=%s: DESCRIPTION=TOC support source: DBQ=%s: FIL=MicrosoftAccess: DEFAULTDIR=D:\\Database:: ","TestDB","D:\\Friends.mdb");
mlen = strlen(szDesc);
for (int i=0; i<mlen; i++)
if (szDesc[i] == ':')
szDesc[i] = '\0';
if (FALSE == SQLConfigDataSource(NULL,ODBC_ADD_DSN,"Microsoft Access Driver (*.mdb)\0",(LPCSTR)szDesc))