473,852 Members | 1,772 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

Persist Security Info

Could you tell me what it's for the "Persist Security Info ..." value in a
connection string.

Thank you.
Nov 16 '05 #1
4 10767
It was used to pass back to the caller application the user name/password of
the connection, allowing people to sniff that information. It should always
be set to false.

l/cpconsecureadon etconnections.a sp

Telmo Sampaio

"Alberto" <al*****@nospam .com> wrote in message
news:uq******** ******@TK2MSFTN GP12.phx.gbl...
Could you tell me what it's for the "Persist Security Info ..." value in a
connection string.

Thank you.

Nov 16 '05 #2
Hi Alberto,

"Alberto" <al*****@nospam .com> wrote in message
news:uq******** ******@TK2MSFTN GP12.phx.gbl...
Could you tell me what it's for the "Persist Security Info ..." value in a
connection string.

Not to be rude, but: have you heard about Google?

In a quick search for "Persist Security Info" - The first page google
presented to me
contained only relevant answers...


Lars Wilhelmsen
Software Engineer
Teleplan A/S, Norway
Nov 16 '05 #3
Persist Security Info means that the security information that was used to
create the connection to the database is retained so that further
connections can get that security information without the it having to
provided again. This is a bad thing:




Keep Persist Security Info as False
Setting Persist Security Info to true or yes will allow security-sensitive
information, including the userid and password, to be obtained from the
connection after the connection has been opened. If you are supplying a
userid and password when making a connection, you are most protected if that
information is used to open the connection, and then discarded. As a result,
your option that helps to provide greater security is to set Persist
Security Info to false or no.

This is especially important if you are supplying an open connection to an
untrusted source or persisting connection information to disk. Keeping
Persist Security Info as false helps ensure that the untrusted source does
not have access to the security-sensitive information for your connection
and also helps ensure that no security-sensitive information is persisted to
disk with your connection string information.

Persist Security Info is false by default.

"Alberto" <al*****@nospam .com> wrote in message
news:uq******** ******@TK2MSFTN GP12.phx.gbl...
Could you tell me what it's for the "Persist Security Info ..." value in a
connection string.

Thank you.

Nov 16 '05 #4
When you're using a UDL or similar persistent storage it means the password
gets stored in clear text along with everything else.
Klaus H. Probst, MVP
"Alberto" <al*****@nospam .com> wrote in message
news:uq******** ******@TK2MSFTN GP12.phx.gbl...
Could you tell me what it's for the "Persist Security Info ..." value in a
connection string.

Thank you.

Nov 16 '05 #5

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

by: Pack Fan | last post by:
I've noticed that session variables will persist on Mac IE even after all browser windows have been closed. One must quit the program to clear the session variables. This presents a security risk for my session variable based security scheme. Basically, the risk is that a user will login to my site, close the window when done and allow someone else to come up to the machine, go back to my site and be logged into the previous user's...
by: news.rcn.com | last post by:
How can I access the request and response object for a page using javascript. I want to stick some data on with something like request.setAttribute( "User's choice for later use" ). I can't seem to find a reference to request or response objects in JavaScript either in Google Groups or O'Reilly's "JavaScript the Definitive Guide" (surely it should be in the latter, huh?) I know I could use a hidden form element but the data would be a...
by: BH | last post by:
I developed a small web app using the FormsAuthentication class to set a cookie (FormsAuthentication.SetAuthCookie(value, isPersist)). The cookie persists fine on my local PC when "isPersist" is true and I can see the cookie file in the cookies folder on my disk. However, after I migrated the application to a server, the cookie is no longer written to the disk. It's still in memory and as long as I don't close the browser instance, the...
by: THY | last post by:
Hi, in a connection string, Persist Security Info=False is for what ? I see it everytimes but no idea what it is ... anyone know ? thanks
by: John Dalberg | last post by:
I am setting the HttpContext.Current.User in the Application_AuthenticateRequest event in global.asax.cs. When I use the IsInRole function in a web page, it works fine. So far so good. (Note that Integrated security is used and anonymous is turned off.) This app will actually work as a child app for an Intranet app so when I remove the application designation in IIS for the child app folder, IsInRole is always null, which is not good. I...
by: Kent Johnson | last post by:
Is there a way to persist a class definition (not a class instance, the actual class) so it can be restored later? A naive approach using pickle doesn't work: >>> import pickle >>> class Foo(object): ... def show(self): ... print "I'm a Foo" ... >>> p = pickle.dumps(Foo) >>> p 'c__main__\nFoo\np0\n.'
by: SEMIH DEMIR | last post by:
Sitelerden birinde verilen yabancı kaynakli bir scriptti duzenledim yanlız birseyin içinden bir turlu cıkamadım işin aslı ilk defa persistin upload componentini kullanacam yanlız suanki haliyle verdiği hata şu.Bilen arkadaşlar lütfen yardım edin Persits.Upload.1 error '800a0020' The system cannot find the path specified. /classifieds/upload.asp, line 250
by: Jeremy Chapman | last post by:
I have included below virtually all the code to a control I'm trying to build. My issue is that an array list property in my control does not get persisted properly to the aspx page code in design time. If I type the code in the aspx manually it does get parsed correctly though. This is an example of the aspx code that gets parsed correctly. For some reason, if I changed update the Tab property of the control through the GUI at design...
by: cj | last post by:
I've been trying all week to write a VB.net soap client. I've finally gotten a connection after figuring out I needed to change the name of a ..xml file I was given to .wsdl and add it as a web reference in my Windows app. When I click button2 to logout I get an error message and the folks at the company I'm connecting to say I need to set my session to persist. They can not tell me how to do this as they are non-MS Java developers. ...
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look ! Part I. Meaning of...
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.