469,904 Members | 2,065 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 469,904 developers. It's quick & easy.

Is storing connection string in a session variable a good idea?

I have an application where a have a single admin database and multiple
customer databases containing the customer's warehouse data. In the
admin database I hold a user table and also a client table which holds
the encrypted individual clients connection string to their database. At
the moment on every page of my web app I make a call to the admin
database to retrieve the connection string and then decrypt it (the
web.config holds the encrpyted connection string for the admin
database). I was wondering if it might be easier just to set a session
variable to the value of the decrpyted client connection string on login
and then on each page set a property for the client connection string to
the value of this session variable.
Do you think this is this a good idea or not?
Joe

*** Sent via Developersdex http://www.developersdex.com ***
Apr 1 '06 #1
1 3885
HK
I say "not" because if anyone manages to upload a simple ASP page to your
website, they could have that ASP page iterate through all session variables
and display to the screen.

Also, you have the problem of potentially not maintaining session state on
100% of browsers, but that can be worked around fairly easily by just
calling your routine again if you don't have the answer in the session
variable.

You might consider a session variable that is encrypted well. Then you just
decrypt it on the fly in your code upon each use.
"booksnore" <sa******@plandatamgmt.com> wrote in message
news:%2****************@TK2MSFTNGP10.phx.gbl...
I have an application where a have a single admin database and multiple
customer databases containing the customer's warehouse data. In the
admin database I hold a user table and also a client table which holds
the encrypted individual clients connection string to their database. At
the moment on every page of my web app I make a call to the admin
database to retrieve the connection string and then decrypt it (the
web.config holds the encrpyted connection string for the admin
database). I was wondering if it might be easier just to set a session
variable to the value of the decrpyted client connection string on login
and then on each page set a property for the client connection string to
the value of this session variable.
Do you think this is this a good idea or not?
Joe

*** Sent via Developersdex http://www.developersdex.com ***

Apr 1 '06 #2

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

2 posts views Thread by Francisco | last post: by
2 posts views Thread by Shyam | last post: by
2 posts views Thread by Curt tabor | last post: by
37 posts views Thread by sam44 | last post: by
5 posts views Thread by djc | last post: by
1 post views Thread by Waqarahmed | last post: by
reply views Thread by Salome Sato | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.