Connection String

[Dmitry Karneyev]

Hi All!

I've got an ado.net app with several win forms.
In the first form (form1) I connect to DB and in other forms I use
connection string generated by the form1 and stored in sqlconnection object
of form1.
If I use windows authorization of SQL Server everything works fine, but when
I use SQL Server authorization it doesn't work because sqlconnection object
doesn't store the password and as a result of retrieving connection string
from this object
I get connection string without password.

I know about "Persist Security Info". But setting it to true is not
reccomended.

Does anyone could help me to find a solution ?
Or should I use another way of connecting to DB from different win forms?

Thanks

 

[Dmitriy Lapshin [C# / .NET MVP]]

Hi Dmitry,

You should not keep the connection open. Keep a connection string with the
user name and the password in it in some configuration class accessible from
all of the forms. When you need to connect to the database, read the
connection string from the configuration and instantiate the SqlConnection
object with the string retrieved.

 

[Dmitry Karneyev]

Thanks Dmitriy for your reply.
Actually I dont keep connection open. I symply copy connection string from
sqlconnection
object from form1 to sqlconnection objects in other forms.
And here is the problem with retrieving the password.

Is your variant 'good' from the side of cecurity?
What can you say about it ? Isn't it safe to keep connection string in such
way?

Thanks.

"Dmitriy Lapshin [C# / .NET MVP]" <[email protected]>
ÓÏÏÂÝÉÌ/ÓÏÏÂÝÉÌÁ × ÎÏ×ÏÓÔÑÈ ÓÌÅÄÕÀÝÅÅ:

Hi Dmitry,

You should not keep the connection open. Keep a connection string with the
user name and the password in it in some configuration class accessible from
all of the forms. When you need to connect to the database, read the
connection string from the configuration and instantiate the SqlConnection
object with the string retrieved.

--
Dmitriy Lapshin [C# / .NET MVP]
X-Unity Test Studio
http://x-unity.miik.com.ua/teststudio.aspx
Bring the power of unit testing to VS .NET IDE

Hi All!

I've got an ado.net app with several win forms.
In the first form (form1) I connect to DB and in other forms I use
connection string generated by the form1 and stored in sqlconnection object
of form1.
If I use windows authorization of SQL Server everything works fine, but when
I use SQL Server authorization it doesn't work because sqlconnection object
doesn't store the password and as a result of retrieving connection string
from this object
I get connection string without password.

I know about "Persist Security Info". But setting it to true is not
reccomended.

Does anyone could help me to find a solution ?
Or should I use another way of connecting to DB from different win forms?

Thanks

 

[Dmitriy Lapshin [C# / .NET MVP]]

Is your variant 'good' from the side of cecurity?

What can you say about it ? Isn't it safe to keep connection string in such
way?

Of course you should not store connection string with a password as plain
text in a disk file. However, I think it is quite safe to store it as a
plain text in memory, well, unless your application does not require strong
security considerations. You could at least store password encrypted and
substitute a placeholder like {0} with it at the moment you are going to
establish a connection.

--
Dmitriy Lapshin [C# / .NET MVP]
X-Unity Test Studio
http://x-unity.miik.com.ua/teststudio.aspx
Bring the power of unit testing to VS .NET IDE

Thanks Dmitriy for your reply.
Actually I dont keep connection open. I symply copy connection string from
sqlconnection
object from form1 to sqlconnection objects in other forms.
And here is the problem with retrieving the password.

Is your variant 'good' from the side of cecurity?
What can you say about it ? Isn't it safe to keep connection string in such
way?

Thanks.

"Dmitriy Lapshin [C# / .NET MVP]" <[email protected]>
ÓÏÏÂÝÉÌ/ÓÏÏÂÝÉÌÁ × ÎÏ×ÏÓÔÑÈ ÓÌÅÄÕÀÝÅÅ:

Hi Dmitry,

You should not keep the connection open. Keep a connection string with the
user name and the password in it in some configuration class accessible from
all of the forms. When you need to connect to the database, read the
connection string from the configuration and instantiate the SqlConnection
object with the string retrieved.

--
Dmitriy Lapshin [C# / .NET MVP]
X-Unity Test Studio
http://x-unity.miik.com.ua/teststudio.aspx
Bring the power of unit testing to VS .NET IDE

Hi All!

I've got an ado.net app with several win forms.
In the first form (form1) I connect to DB and in other forms I use
connection string generated by the form1 and stored in sqlconnection object
of form1.
If I use windows authorization of SQL Server everything works fine,

but
when

I use SQL Server authorization it doesn't work because sqlconnection object
doesn't store the password and as a result of retrieving connection string
from this object
I get connection string without password.

I know about "Persist Security Info". But setting it to true is not
reccomended.

Does anyone could help me to find a solution ?
Or should I use another way of connecting to DB from different win forms?

Thanks

 

[Dmitriy Lapshin [C# / .NET MVP]]

Here's also a link to an article on securing connection strings:

http://www.dotnetwire.com/redirect.asp?newsid=5037

--
Dmitriy Lapshin [C# / .NET MVP]
X-Unity Test Studio
http://x-unity.miik.com.ua/teststudio.aspx
Bring the power of unit testing to VS .NET IDE

Thanks Dmitriy for your reply.
Actually I dont keep connection open. I symply copy connection string from
sqlconnection
object from form1 to sqlconnection objects in other forms.
And here is the problem with retrieving the password.

Is your variant 'good' from the side of cecurity?
What can you say about it ? Isn't it safe to keep connection string in such
way?

Thanks.

"Dmitriy Lapshin [C# / .NET MVP]" <[email protected]>
ÓÏÏÂÝÉÌ/ÓÏÏÂÝÉÌÁ × ÎÏ×ÏÓÔÑÈ ÓÌÅÄÕÀÝÅÅ:

Hi Dmitry,

You should not keep the connection open. Keep a connection string with the
user name and the password in it in some configuration class accessible from
all of the forms. When you need to connect to the database, read the
connection string from the configuration and instantiate the SqlConnection
object with the string retrieved.

--
Dmitriy Lapshin [C# / .NET MVP]
X-Unity Test Studio
http://x-unity.miik.com.ua/teststudio.aspx
Bring the power of unit testing to VS .NET IDE

Hi All!

I've got an ado.net app with several win forms.
In the first form (form1) I connect to DB and in other forms I use
connection string generated by the form1 and stored in sqlconnection object
of form1.
If I use windows authorization of SQL Server everything works fine,

but
when

I use SQL Server authorization it doesn't work because sqlconnection object
doesn't store the password and as a result of retrieving connection string
from this object
I get connection string without password.

I know about "Persist Security Info". But setting it to true is not
reccomended.

Does anyone could help me to find a solution ?
Or should I use another way of connecting to DB from different win forms?

Thanks

 

[Dmitry Karneyev]

Thanks for the link, Dmitriy!

"Dmitriy Lapshin [C# / .NET MVP]" <[email protected]>
ÓÏÏÂÝÉÌ/ÓÏÏÂÝÉÌÁ × ÎÏ×ÏÓÔÑÈ ÓÌÅÄÕÀÝÅÅ:

Here's also a link to an article on securing connection strings:

http://www.dotnetwire.com/redirect.asp?newsid=5037

--
Dmitriy Lapshin [C# / .NET MVP]
X-Unity Test Studio
http://x-unity.miik.com.ua/teststudio.aspx
Bring the power of unit testing to VS .NET IDE

Thanks Dmitriy for your reply.
Actually I dont keep connection open. I symply copy connection string from
sqlconnection
object from form1 to sqlconnection objects in other forms.
And here is the problem with retrieving the password.

Is your variant 'good' from the side of cecurity?
What can you say about it ? Isn't it safe to keep connection string in such
way?

Thanks.

"Dmitriy Lapshin [C# / .NET MVP]" <[email protected]>
ÓÏÏÂÝÉÌ/ÓÏÏÂÝÉÌÁ × ÎÏ×ÏÓÔÑÈ ÓÌÅÄÕÀÝÅÅ:

Hi Dmitry,

You should not keep the connection open. Keep a connection string with the
user name and the password in it in some configuration class

accessible
from

all of the forms. When you need to connect to the database, read the
connection string from the configuration and instantiate the SqlConnection
object with the string retrieved.

--
Dmitriy Lapshin [C# / .NET MVP]
X-Unity Test Studio
http://x-unity.miik.com.ua/teststudio.aspx
Bring the power of unit testing to VS .NET IDE

Hi All!

I've got an ado.net app with several win forms.
In the first form (form1) I connect to DB and in other forms I use
connection string generated by the form1 and stored in sqlconnection
object
of form1.
If I use windows authorization of SQL Server everything works fine, but
when
I use SQL Server authorization it doesn't work because sqlconnection
object
doesn't store the password and as a result of retrieving connection
string
from this object
I get connection string without password.

I know about "Persist Security Info". But setting it to true is not
reccomended.

Does anyone could help me to find a solution ?
Or should I use another way of connecting to DB from different win forms?

Thanks