we need to hide the password from application connection string? I'm thinking about possibility to hash the password and then somehow setup listener or database to accept these hashed passwords.
This is my connection string:
"Provider=MSDataShape;Data Provider=OraOLEDB.Oracle;Data Source=wpstestu;User ID=myUser;Password=myPassword;"
We're using ADO, Visual basic 6 COMponents and ASP technology. Database version is 10g (@ HP UX and some also @Win2k3 server), application servers are running on Windows 2003 server. I'm not sure what exactly is responsible for logins. I guess it starts with ADO -> OLEDB ->ORACLE4OLEDB. So if the oracle client is able to send hashed password, I think it will be working.
Connection string is saved in the application custom .ini file.