473,399 Members | 3,401 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > c# / c sharp > questions > connection string

Join Bytes to post your question to a community of 473,399 software developers and data experts.

Connection String

Hi All!

I've got an ado.net app with several win forms.
In the first form (form1) I connect to DB and in other forms I use
connection string generated by the form1 and stored in sqlconnection object
of form1.
If I use windows authorization of SQL Server everything works fine, but when
I use SQL Server authorization it doesn't work because sqlconnection object
doesn't store the password and as a result of retrieving connection string
from this object
I get connection string without password.

I know about "Persist Security Info". But setting it to true is not
reccomended.

Does anyone could help me to find a solution ?
Or should I use another way of connecting to DB from different win forms?

Thanks
Nov 15 '05 #1
5 3273
Hi Dmitry,

You should not keep the connection open. Keep a connection string with the
user name and the password in it in some configuration class accessible from
all of the forms. When you need to connect to the database, read the
connection string from the configuration and instantiate the SqlConnection
object with the string retrieved.

--
Dmitriy Lapshin [C# / .NET MVP]
X-Unity Test Studio
http://x-unity.miik.com.ua/teststudio.aspx
Bring the power of unit testing to VS .NET IDE

"Dmitry Karneyev" <ka******@msn.com> wrote in message
news:Om**************@TK2MSFTNGP11.phx.gbl...
Hi All!

I've got an ado.net app with several win forms.
In the first form (form1) I connect to DB and in other forms I use
connection string generated by the form1 and stored in sqlconnection object of form1.
If I use windows authorization of SQL Server everything works fine, but when I use SQL Server authorization it doesn't work because sqlconnection object doesn't store the password and as a result of retrieving connection string from this object
I get connection string without password.

I know about "Persist Security Info". But setting it to true is not
reccomended.

Does anyone could help me to find a solution ?
Or should I use another way of connecting to DB from different win forms?

Thanks


Nov 15 '05 #2
Thanks Dmitriy for your reply.
Actually I dont keep connection open. I symply copy connection string from
sqlconnection
object from form1 to sqlconnection objects in other forms.
And here is the problem with retrieving the password.

Is your variant 'good' from the side of cecurity?
What can you say about it ? Isn't it safe to keep connection string in such
way?

Thanks.

"Dmitriy Lapshin [C# / .NET MVP]" <x-****@no-spam-please.hotpop.com>
ÓÏÏÂÝÉÌ/ÓÏÏÂÝÉÌÁ × ÎÏ×ÏÓÔÑÈ ÓÌÅÄÕÀÝÅÅ:
news:O2**************@tk2msftngp13.phx.gbl...
Hi Dmitry,

You should not keep the connection open. Keep a connection string with the
user name and the password in it in some configuration class accessible from all of the forms. When you need to connect to the database, read the
connection string from the configuration and instantiate the SqlConnection
object with the string retrieved.

--
Dmitriy Lapshin [C# / .NET MVP]
X-Unity Test Studio
http://x-unity.miik.com.ua/teststudio.aspx
Bring the power of unit testing to VS .NET IDE

"Dmitry Karneyev" <ka******@msn.com> wrote in message
news:Om**************@TK2MSFTNGP11.phx.gbl...
Hi All!

I've got an ado.net app with several win forms.
In the first form (form1) I connect to DB and in other forms I use
connection string generated by the form1 and stored in sqlconnection

object
of form1.
If I use windows authorization of SQL Server everything works fine, but

when
I use SQL Server authorization it doesn't work because sqlconnection

object
doesn't store the password and as a result of retrieving connection

string
from this object
I get connection string without password.

I know about "Persist Security Info". But setting it to true is not
reccomended.

Does anyone could help me to find a solution ?
Or should I use another way of connecting to DB from different win forms?
Thanks

Nov 15 '05 #3
> Is your variant 'good' from the side of cecurity?
What can you say about it ? Isn't it safe to keep connection string in such way?
Of course you should not store connection string with a password as plain
text in a disk file. However, I think it is quite safe to store it as a
plain text in memory, well, unless your application does not require strong
security considerations. You could at least store password encrypted and
substitute a placeholder like {0} with it at the moment you are going to
establish a connection.

--
Dmitriy Lapshin [C# / .NET MVP]
X-Unity Test Studio
http://x-unity.miik.com.ua/teststudio.aspx
Bring the power of unit testing to VS .NET IDE

"Dmitry Karneyev" <ka******@msn.com> wrote in message
news:Oj*************@TK2MSFTNGP09.phx.gbl... Thanks Dmitriy for your reply.
Actually I dont keep connection open. I symply copy connection string from
sqlconnection
object from form1 to sqlconnection objects in other forms.
And here is the problem with retrieving the password.

Is your variant 'good' from the side of cecurity?
What can you say about it ? Isn't it safe to keep connection string in such way?

Thanks.

"Dmitriy Lapshin [C# / .NET MVP]" <x-****@no-spam-please.hotpop.com>
ÓÏÏÂÝÉÌ/ÓÏÏÂÝÉÌÁ × ÎÏ×ÏÓÔÑÈ ÓÌÅÄÕÀÝÅÅ:
news:O2**************@tk2msftngp13.phx.gbl...
Hi Dmitry,

You should not keep the connection open. Keep a connection string with the
user name and the password in it in some configuration class accessible

from
all of the forms. When you need to connect to the database, read the
connection string from the configuration and instantiate the SqlConnection object with the string retrieved.

--
Dmitriy Lapshin [C# / .NET MVP]
X-Unity Test Studio
http://x-unity.miik.com.ua/teststudio.aspx
Bring the power of unit testing to VS .NET IDE

"Dmitry Karneyev" <ka******@msn.com> wrote in message
news:Om**************@TK2MSFTNGP11.phx.gbl...
Hi All!

I've got an ado.net app with several win forms.
In the first form (form1) I connect to DB and in other forms I use
connection string generated by the form1 and stored in sqlconnection

object
of form1.
If I use windows authorization of SQL Server everything works fine,
but when
I use SQL Server authorization it doesn't work because sqlconnection

object
doesn't store the password and as a result of retrieving connection

string
from this object
I get connection string without password.

I know about "Persist Security Info". But setting it to true is not
reccomended.

Does anyone could help me to find a solution ?
Or should I use another way of connecting to DB from different win

forms?
Thanks



Nov 15 '05 #4
Here's also a link to an article on securing connection strings:

http://www.dotnetwire.com/redirect.asp?newsid=5037

--
Dmitriy Lapshin [C# / .NET MVP]
X-Unity Test Studio
http://x-unity.miik.com.ua/teststudio.aspx
Bring the power of unit testing to VS .NET IDE

"Dmitry Karneyev" <ka******@msn.com> wrote in message
news:Oj*************@TK2MSFTNGP09.phx.gbl...
Thanks Dmitriy for your reply.
Actually I dont keep connection open. I symply copy connection string from
sqlconnection
object from form1 to sqlconnection objects in other forms.
And here is the problem with retrieving the password.

Is your variant 'good' from the side of cecurity?
What can you say about it ? Isn't it safe to keep connection string in such way?

Thanks.

"Dmitriy Lapshin [C# / .NET MVP]" <x-****@no-spam-please.hotpop.com>
ÓÏÏÂÝÉÌ/ÓÏÏÂÝÉÌÁ × ÎÏ×ÏÓÔÑÈ ÓÌÅÄÕÀÝÅÅ:
news:O2**************@tk2msftngp13.phx.gbl...
Hi Dmitry,

You should not keep the connection open. Keep a connection string with the
user name and the password in it in some configuration class accessible

from
all of the forms. When you need to connect to the database, read the
connection string from the configuration and instantiate the SqlConnection object with the string retrieved.

--
Dmitriy Lapshin [C# / .NET MVP]
X-Unity Test Studio
http://x-unity.miik.com.ua/teststudio.aspx
Bring the power of unit testing to VS .NET IDE

"Dmitry Karneyev" <ka******@msn.com> wrote in message
news:Om**************@TK2MSFTNGP11.phx.gbl...
Hi All!

I've got an ado.net app with several win forms.
In the first form (form1) I connect to DB and in other forms I use
connection string generated by the form1 and stored in sqlconnection

object
of form1.
If I use windows authorization of SQL Server everything works fine,
but when
I use SQL Server authorization it doesn't work because sqlconnection

object
doesn't store the password and as a result of retrieving connection

string
from this object
I get connection string without password.

I know about "Persist Security Info". But setting it to true is not
reccomended.

Does anyone could help me to find a solution ?
Or should I use another way of connecting to DB from different win

forms?
Thanks



Nov 15 '05 #5
Thanks for the link, Dmitriy!

"Dmitriy Lapshin [C# / .NET MVP]" <x-****@no-spam-please.hotpop.com>
ÓÏÏÂÝÉÌ/ÓÏÏÂÝÉÌÁ × ÎÏ×ÏÓÔÑÈ ÓÌÅÄÕÀÝÅÅ:
news:Or**************@TK2MSFTNGP12.phx.gbl...
Here's also a link to an article on securing connection strings:

http://www.dotnetwire.com/redirect.asp?newsid=5037

--
Dmitriy Lapshin [C# / .NET MVP]
X-Unity Test Studio
http://x-unity.miik.com.ua/teststudio.aspx
Bring the power of unit testing to VS .NET IDE

"Dmitry Karneyev" <ka******@msn.com> wrote in message
news:Oj*************@TK2MSFTNGP09.phx.gbl...
Thanks Dmitriy for your reply.
Actually I dont keep connection open. I symply copy connection string from
sqlconnection
object from form1 to sqlconnection objects in other forms.
And here is the problem with retrieving the password.

Is your variant 'good' from the side of cecurity?
What can you say about it ? Isn't it safe to keep connection string in

such
way?

Thanks.

"Dmitriy Lapshin [C# / .NET MVP]" <x-****@no-spam-please.hotpop.com>
ÓÏÏÂÝÉÌ/ÓÏÏÂÝÉÌÁ × ÎÏ×ÏÓÔÑÈ ÓÌÅÄÕÀÝÅÅ:
news:O2**************@tk2msftngp13.phx.gbl...
Hi Dmitry,

You should not keep the connection open. Keep a connection string with the user name and the password in it in some configuration class accessible from
all of the forms. When you need to connect to the database, read the
connection string from the configuration and instantiate the SqlConnection object with the string retrieved.

--
Dmitriy Lapshin [C# / .NET MVP]
X-Unity Test Studio
http://x-unity.miik.com.ua/teststudio.aspx
Bring the power of unit testing to VS .NET IDE

"Dmitry Karneyev" <ka******@msn.com> wrote in message
news:Om**************@TK2MSFTNGP11.phx.gbl...
> Hi All!
>
> I've got an ado.net app with several win forms.
> In the first form (form1) I connect to DB and in other forms I use
> connection string generated by the form1 and stored in
sqlconnection object
> of form1.
> If I use windows authorization of SQL Server everything works fine,

but when
> I use SQL Server authorization it doesn't work because sqlconnection object
> doesn't store the password and as a result of retrieving connection
string
> from this object
> I get connection string without password.
>
> I know about "Persist Security Info". But setting it to true is not
> reccomended.
>
> Does anyone could help me to find a solution ?
> Or should I use another way of connecting to DB from different win

forms?
>
> Thanks
>
>


Nov 15 '05 #6
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

17
empty connection string
by: AMC | last post by:
Hi, I'm using an include file to store the connection string to a database. Whenever I try to reference that string to open a connection in the page that includes the file I get the error 'empy...
ASP / Active Server Pages
0
Create a MS SQL Server Connection DataLink Properties Window
by: Jay Douglas | last post by:
Hello, I'm trying to create a Data Links Property window that behaves just like the dialog box in Visual Studio .Net for MS Sql Server connections. I've found a lot of examples that use...
C# / C Sharp
5
Database Connection - Development to Production
by: Matt | last post by:
Hello, What is the best way to handle the database connection string for a class library project that will be compiled and used as a .dll? This .dll will be accessed via classic ASP and in...
.NET Framework
37
change connection string dynamically
by: sam44 | last post by:
Hi, At startup the user log on and chooses the name of a client from a dropdownlist, which then changes dynamically the connection string (the name of the client indicates which database to use)....
ASP.NET
1
Change Connection String during runtime
by: Sankalp | last post by:
Hi, I am using VB 2005. My application has many data bound controls. The connection is stored in the app.config file. I want the application to start with a default connection string and while...
Visual Basic .NET
3
Database connection pooling in ASPx
by: fniles | last post by:
In the Windows application (using VB.NET 2005) I use connection pooling like the following: In the main form load I open a connection using a connection string that I stored in a global variable...
ASP.NET
6
Cintury
Unable to read data from the transport Connection
by: Cintury | last post by:
Hi all, I've developed a mobile application for windows mobile 5.0 that has been in use for a while (1 year and a couple of months). It was developed in visual studios 2005 with a back-end sql...
Mobile Development
0
Connection watching in VB.NET 2008
by: Robert Avery | last post by:
In VBA/VB6, I had a class (incomplete sample below) that watched and displayed for the user all connection events, so that I could easily see what SQL was taking a long time, and when it freezes, I...
Visual Basic .NET
2
Web.config and Connection String Management
by: Johnson | last post by:
I'm trying to fix a "sub optimal" situation with respect to connection string management. Your thoughtful responses will be appreciated. I just started with a new client who has a bunch of legacy...
.NET Framework
0
How to turn on java script in a villaon keypad mobile phone
by: Charles Arthur | last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
Java
1
Looking to do Android software development, any suggestions? Is flutter better?
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
General
1
Is that possible of reading the .csv file in column wise and the column have different lengths ?
by: Sonnysonu | last post by:
This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...
C / C++
0
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
General
0
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
Windows Server
0
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
C / C++
0
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
Online Marketing
0
The easy way to turn off automatic updates for Windows 10/11
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
Windows Server
0
agi2029
AI Job Threat for Devs
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
Career Advice

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!