ID: Q168879
The information in this article applies to:
If you use the ODBC 3.0 Driver Manager trace facility with the Odbctrac.dll file that comes with ODBC 3.0, user names and passwords used for connections may be logged without encryption in the trace log.
You can prevent an ODBC 3.0 Driver Manager trace on computers either by removing the Odbctrac.dll file or by replacing it with a zero-length file of the same name. If tracing is attempted afterwards, the following message may appear:
General Error: either odbctrac.dll is not an ODBC tracing dll
or it is obsolete.
The ODBC 3.0 Driver Manager trace facility is provided as a debugging tool for diagnosing a wide range of ODBC issues, including database connectivity. In many debugging instances, it is necessary to determine what user name and password were used to establish the connection to the database. The ODBC 3.0 Driver Manager trace logs the user name and password to allow for comprehensive debugging of ODBC issues, and is the ODBC 3.0 replacement for the Driver Manager trace facility and ODBC SPY trace program for ODBC 2.x. The ODBC SPY trace program also logs the user name and password used in a connection.
The proper use of the ODBC 3.0 tracing facility is documented in the ODBC 3.0 Programmer's Reference Guide in Chapter 17, "Programming Considerations," under the section for Tracing.
You can find additional information on ODBC security at:
http://www.microsoft.com/odbc/
Keywords : kbinterop kbusage SSrvProg
Version : 03.00.2301
Platform : WINDOWS
Issue type : kbbug
Solution Type : kbfixLast Reviewed: September 24, 1997