Application Security Testing: An Integral Part of DevOps
Environment: VC6 SP4, NT4 SP5
IntroductionThis article is the result of some work I did in a recent project. I was improving a configuration program user interface for a complex client-server application where several databases where used. A common configuration option was what DSN (Data Source Name) to use. Since users had found it inconvenient to look the DSN name up using the ODBC configuration tool in the control panel and then type the name manually, we had decided to add a browse for DSN button.
Since I didn't find any standard "browse for DSN dialog" I wrapped the interesting calls to the ODBC API in a simple class called CDSNCollection which then was used to enumerate the DSNs and show them in a home made browse dialog.
The pitfallsDoing simple things with ODBC API in C++ can easily become complicated. First of all an environment handle has to be created (see CDSNCollection::CDSNCollection for details). Then one must specify which ODBC version to use (see CDSNCollection::CDSNCollection for details). This might seam strange since the latest version probably is used 99% of the time. My guess is that Microsoft has chosen this approach in order to achieve forward capability even when making major changes in the ODBC API. And when you think of it for a while it actually makes more sense than the "classical" Microsoft way to achieve backward and forward capability.
A few thoughtsI don't usually use C++ for heavy database action and this operation is quite simple since it does not use any specific database. Still two calls are needed just to initialize before the simple task of getting a few DSN names. Error handling is also a little special; see the call to SQLGetDiagRec in CDSNCollection::CallSQLDataSources.
DownloadsDownload demo project - 17 Kb
Download source - 3 Kb