473,320 Members | 1,766 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,320 software developers and data experts.

Persist Security Info

Could you tell me what it's for the "Persist Security Info ..." value in a
connection string.

Thank you.
Nov 16 '05 #1
4 10693
It was used to pass back to the caller application the user name/password of
the connection, allowing people to sniff that information. It should always
be set to false.

http://msdn.microsoft.com/library/de...us/cpguide/htm
l/cpconsecureadonetconnections.asp

Telmo Sampaio

"Alberto" <al*****@nospam.com> wrote in message
news:uq**************@TK2MSFTNGP12.phx.gbl...
Could you tell me what it's for the "Persist Security Info ..." value in a
connection string.

Thank you.

Nov 16 '05 #2
Hi Alberto,

"Alberto" <al*****@nospam.com> wrote in message
news:uq**************@TK2MSFTNGP12.phx.gbl...
Could you tell me what it's for the "Persist Security Info ..." value in a
connection string.


Not to be rude, but: have you heard about Google?

In a quick search for "Persist Security Info" - The first page google
presented to me
contained only relevant answers...

http://www.google.com/search?hl=en&l...+Security+Info

--
Lars Wilhelmsen
http://www.sral.org/
Software Engineer
Teleplan A/S, Norway
Nov 16 '05 #3
Persist Security Info means that the security information that was used to
create the connection to the database is retained so that further
connections can get that security information without the it having to
provided again. This is a bad thing:

http://msdn.microsoft.com/library/de...onnections.asp

HTH,

Kyril

Keep Persist Security Info as False
Setting Persist Security Info to true or yes will allow security-sensitive
information, including the userid and password, to be obtained from the
connection after the connection has been opened. If you are supplying a
userid and password when making a connection, you are most protected if that
information is used to open the connection, and then discarded. As a result,
your option that helps to provide greater security is to set Persist
Security Info to false or no.

This is especially important if you are supplying an open connection to an
untrusted source or persisting connection information to disk. Keeping
Persist Security Info as false helps ensure that the untrusted source does
not have access to the security-sensitive information for your connection
and also helps ensure that no security-sensitive information is persisted to
disk with your connection string information.

Persist Security Info is false by default.

"Alberto" <al*****@nospam.com> wrote in message
news:uq**************@TK2MSFTNGP12.phx.gbl...
Could you tell me what it's for the "Persist Security Info ..." value in a
connection string.

Thank you.

Nov 16 '05 #4
When you're using a UDL or similar persistent storage it means the password
gets stored in clear text along with everything else.
--
Klaus H. Probst, MVP
http://www.vbbox.com/
"Alberto" <al*****@nospam.com> wrote in message
news:uq**************@TK2MSFTNGP12.phx.gbl...
Could you tell me what it's for the "Persist Security Info ..." value in a
connection string.

Thank you.

Nov 16 '05 #5

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

9
by: Pack Fan | last post by:
I've noticed that session variables will persist on Mac IE even after all browser windows have been closed. One must quit the program to clear the session variables. This presents a security risk...
3
by: news.rcn.com | last post by:
How can I access the request and response object for a page using javascript. I want to stick some data on with something like request.setAttribute( "User's choice for later use" ). I can't seem...
2
by: BH | last post by:
I developed a small web app using the FormsAuthentication class to set a cookie (FormsAuthentication.SetAuthCookie(value, isPersist)). The cookie persists fine on my local PC when "isPersist" is...
1
by: THY | last post by:
Hi, in a connection string, Persist Security Info=False is for what ? I see it everytimes but no idea what it is ... anyone know ? thanks
3
by: John Dalberg | last post by:
I am setting the HttpContext.Current.User in the Application_AuthenticateRequest event in global.asax.cs. When I use the IsInRole function in a web page, it works fine. So far so good. (Note that...
6
by: Kent Johnson | last post by:
Is there a way to persist a class definition (not a class instance, the actual class) so it can be restored later? A naive approach using pickle doesn't work: >>> import pickle >>> class...
0
by: SEMIH DEMIR | last post by:
Sitelerden birinde verilen yabancı kaynakli bir scriptti duzenledim yanlız birseyin içinden bir turlu cıkamadım işin aslı ilk defa persistin upload componentini kullanacam yanlız suanki haliyle...
0
by: Jeremy Chapman | last post by:
I have included below virtually all the code to a control I'm trying to build. My issue is that an array list property in my control does not get persisted properly to the aspx page code in design...
4
by: cj | last post by:
I've been trying all week to write a VB.net soap client. I've finally gotten a connection after figuring out I needed to change the name of a ..xml file I was given to .wsdl and add it as a web...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
1
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
1
by: Shællîpôpï 09 | last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you
0
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.