distal-attribute
distal-attribute
distal-attribute
distal-attribute

Sending custom Aplication Name parameter for connection.

User, date Message
Written by SQLusr
4 months ago
Category: Creating a connection
3 posts since Wed, 04 Jun 14
The MSSQL database I use at work recently enabled a LOGON TRIGGER that checks the application name that is connecting to it.

I don't want to use their crappy software client and I'd rather use Heidi to explore and retrieve data. Is it possible with Heidi to send a custom Aplicaton Name string? or just none at all?. In this case, i think sending none works because '.Net SqlClient Data Provider' (default if none supplied iirc) is allowed in.
Written by ansgar
4 months ago
5045 posts since Fri, 07 Apr 06
No, HeidiSQL always sends a hardcoded "HeidiSQL" as "Application Name" property in the connection string. A custom name would open a security hole in my eyes, for exactly the reason you are describing. Some administrator does not want you to use some other client than a specific one, and you try to trick that security setting.

I would say, ask your administrator if he's willing to change that setting. Probably he can also just extend it to have two allowed applications rather than all applications.
Written by SQLusr
4 months ago
3 posts since Wed, 04 Jun 14
Hi, I understand the argument. But it is nice to have flexible tools that do whatever you want tho, (woulndn't it be nice to see and maybe modify the full connection that string hedi is using?).

From my point of view the security hole is on the server side and there are many ways to get around it. I just wanted to get around it using Heidi and not something else. :)

Anyway, I actually went around and changed the string in the sourcecode and compiled. Being a total newb with the language and delphi I found that quite satisfying. Might be worth to note some trouble I had with the compiling process:

-It wont let you compile with XE6 unless you trick it into thinking it's XE5 (added a few lines to some file, can't remember the details, but I can look it up if you want).
-When compiling the resource files (icon, etc) the mc compiler could not build the version.RES file. I removed the lines
FILEOS VOS__WINDOWS32
FILETYPE VFT_APP
from version.rc

no idea if this will cause any trouble, but I just found it strange that the compiler wouldn't recognize the strings.

Anyway. Thanks for your software I like it a lot, I promise I'm not up to any mischief. Cheers!
Written by ansgar
4 months ago
5045 posts since Fri, 07 Apr 06
XE6 is not yet supported in Heidi. XE5 is the name of the package directorysmileWell.

Yes, of course the security hole is a bit theoretical here. But security is a matter of principle, so I think in a public application like HeidiSQL there should not be such a way to circumstance the security features of the server.
Written by ansgar
4 months ago
5045 posts since Fri, 07 Apr 06
I could probably live with some hidden feature, let's say a registry hack in the session configuration. For example, if your session is named "MyServer", then, if HeidiSQL finds an "AppName" value in "HKEY_CURRENT_USER\Software\HeidiSQL\Servers\MyServer\", it is used instead of the hardcoded value. How's that?
Written by SQLusr
4 months ago
3 posts since Wed, 04 Jun 14
As of right now modifying the single line of code works fine, yay for open source!

Any added flexibility is a good thing imo, but maybe a registry hack would be something too obscure for someone to casually come up with.

IMO the ideal thing would be to add the possibility to connect via a pseudo command line instruction instead of a GUI with set fields, that is you provide the program with the connection string and it just sends it, but I dont know if this could make it unstable or something.

You never know, maybe this could be a useful feature to check if your server is working right.
Written by ansgar
4 months ago
5045 posts since Fri, 07 Apr 06
You are proposing the maximum effort solution here, man. Simple ideas please.
 

Please login to leave a reply, or register at first.