473,326 Members | 2,438 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,326 software developers and data experts.

Connection String

Hi All!

I've got an ado.net app with several win forms.
In the first form (form1) I connect to DB and in other forms I use
connection string generated by the form1 and stored in sqlconnection object
of form1.
If I use windows authorization of SQL Server everything works fine, but when
I use SQL Server authorization it doesn't work because sqlconnection object
doesn't store the password and as a result of retrieving connection string
from this object
I get connection string without password.

I know about "Persist Security Info". But setting it to true is not
reccomended.

Does anyone could help me to find a solution ?
Or should I use another way of connecting to DB from different win forms?

Thanks
Nov 15 '05 #1
5 3267
Hi Dmitry,

You should not keep the connection open. Keep a connection string with the
user name and the password in it in some configuration class accessible from
all of the forms. When you need to connect to the database, read the
connection string from the configuration and instantiate the SqlConnection
object with the string retrieved.

--
Dmitriy Lapshin [C# / .NET MVP]
X-Unity Test Studio
http://x-unity.miik.com.ua/teststudio.aspx
Bring the power of unit testing to VS .NET IDE

"Dmitry Karneyev" <ka******@msn.com> wrote in message
news:Om**************@TK2MSFTNGP11.phx.gbl...
Hi All!

I've got an ado.net app with several win forms.
In the first form (form1) I connect to DB and in other forms I use
connection string generated by the form1 and stored in sqlconnection object of form1.
If I use windows authorization of SQL Server everything works fine, but when I use SQL Server authorization it doesn't work because sqlconnection object doesn't store the password and as a result of retrieving connection string from this object
I get connection string without password.

I know about "Persist Security Info". But setting it to true is not
reccomended.

Does anyone could help me to find a solution ?
Or should I use another way of connecting to DB from different win forms?

Thanks


Nov 15 '05 #2
Thanks Dmitriy for your reply.
Actually I dont keep connection open. I symply copy connection string from
sqlconnection
object from form1 to sqlconnection objects in other forms.
And here is the problem with retrieving the password.

Is your variant 'good' from the side of cecurity?
What can you say about it ? Isn't it safe to keep connection string in such
way?

Thanks.

"Dmitriy Lapshin [C# / .NET MVP]" <x-****@no-spam-please.hotpop.com>
сообщил/сообщила в новостях следующее:
news:O2**************@tk2msftngp13.phx.gbl...
Hi Dmitry,

You should not keep the connection open. Keep a connection string with the
user name and the password in it in some configuration class accessible from all of the forms. When you need to connect to the database, read the
connection string from the configuration and instantiate the SqlConnection
object with the string retrieved.

--
Dmitriy Lapshin [C# / .NET MVP]
X-Unity Test Studio
http://x-unity.miik.com.ua/teststudio.aspx
Bring the power of unit testing to VS .NET IDE

"Dmitry Karneyev" <ka******@msn.com> wrote in message
news:Om**************@TK2MSFTNGP11.phx.gbl...
Hi All!

I've got an ado.net app with several win forms.
In the first form (form1) I connect to DB and in other forms I use
connection string generated by the form1 and stored in sqlconnection

object
of form1.
If I use windows authorization of SQL Server everything works fine, but

when
I use SQL Server authorization it doesn't work because sqlconnection

object
doesn't store the password and as a result of retrieving connection

string
from this object
I get connection string without password.

I know about "Persist Security Info". But setting it to true is not
reccomended.

Does anyone could help me to find a solution ?
Or should I use another way of connecting to DB from different win forms?
Thanks

Nov 15 '05 #3
> Is your variant 'good' from the side of cecurity?
What can you say about it ? Isn't it safe to keep connection string in such way?
Of course you should not store connection string with a password as plain
text in a disk file. However, I think it is quite safe to store it as a
plain text in memory, well, unless your application does not require strong
security considerations. You could at least store password encrypted and
substitute a placeholder like {0} with it at the moment you are going to
establish a connection.

--
Dmitriy Lapshin [C# / .NET MVP]
X-Unity Test Studio
http://x-unity.miik.com.ua/teststudio.aspx
Bring the power of unit testing to VS .NET IDE

"Dmitry Karneyev" <ka******@msn.com> wrote in message
news:Oj*************@TK2MSFTNGP09.phx.gbl... Thanks Dmitriy for your reply.
Actually I dont keep connection open. I symply copy connection string from
sqlconnection
object from form1 to sqlconnection objects in other forms.
And here is the problem with retrieving the password.

Is your variant 'good' from the side of cecurity?
What can you say about it ? Isn't it safe to keep connection string in such way?

Thanks.

"Dmitriy Lapshin [C# / .NET MVP]" <x-****@no-spam-please.hotpop.com>
сообщил/сообщила в новостях следующее:
news:O2**************@tk2msftngp13.phx.gbl...
Hi Dmitry,

You should not keep the connection open. Keep a connection string with the
user name and the password in it in some configuration class accessible

from
all of the forms. When you need to connect to the database, read the
connection string from the configuration and instantiate the SqlConnection object with the string retrieved.

--
Dmitriy Lapshin [C# / .NET MVP]
X-Unity Test Studio
http://x-unity.miik.com.ua/teststudio.aspx
Bring the power of unit testing to VS .NET IDE

"Dmitry Karneyev" <ka******@msn.com> wrote in message
news:Om**************@TK2MSFTNGP11.phx.gbl...
Hi All!

I've got an ado.net app with several win forms.
In the first form (form1) I connect to DB and in other forms I use
connection string generated by the form1 and stored in sqlconnection

object
of form1.
If I use windows authorization of SQL Server everything works fine,
but when
I use SQL Server authorization it doesn't work because sqlconnection

object
doesn't store the password and as a result of retrieving connection

string
from this object
I get connection string without password.

I know about "Persist Security Info". But setting it to true is not
reccomended.

Does anyone could help me to find a solution ?
Or should I use another way of connecting to DB from different win

forms?
Thanks



Nov 15 '05 #4
Here's also a link to an article on securing connection strings:

http://www.dotnetwire.com/redirect.asp?newsid=5037

--
Dmitriy Lapshin [C# / .NET MVP]
X-Unity Test Studio
http://x-unity.miik.com.ua/teststudio.aspx
Bring the power of unit testing to VS .NET IDE

"Dmitry Karneyev" <ka******@msn.com> wrote in message
news:Oj*************@TK2MSFTNGP09.phx.gbl...
Thanks Dmitriy for your reply.
Actually I dont keep connection open. I symply copy connection string from
sqlconnection
object from form1 to sqlconnection objects in other forms.
And here is the problem with retrieving the password.

Is your variant 'good' from the side of cecurity?
What can you say about it ? Isn't it safe to keep connection string in such way?

Thanks.

"Dmitriy Lapshin [C# / .NET MVP]" <x-****@no-spam-please.hotpop.com>
сообщил/сообщила в новостях следующее:
news:O2**************@tk2msftngp13.phx.gbl...
Hi Dmitry,

You should not keep the connection open. Keep a connection string with the
user name and the password in it in some configuration class accessible

from
all of the forms. When you need to connect to the database, read the
connection string from the configuration and instantiate the SqlConnection object with the string retrieved.

--
Dmitriy Lapshin [C# / .NET MVP]
X-Unity Test Studio
http://x-unity.miik.com.ua/teststudio.aspx
Bring the power of unit testing to VS .NET IDE

"Dmitry Karneyev" <ka******@msn.com> wrote in message
news:Om**************@TK2MSFTNGP11.phx.gbl...
Hi All!

I've got an ado.net app with several win forms.
In the first form (form1) I connect to DB and in other forms I use
connection string generated by the form1 and stored in sqlconnection

object
of form1.
If I use windows authorization of SQL Server everything works fine,
but when
I use SQL Server authorization it doesn't work because sqlconnection

object
doesn't store the password and as a result of retrieving connection

string
from this object
I get connection string without password.

I know about "Persist Security Info". But setting it to true is not
reccomended.

Does anyone could help me to find a solution ?
Or should I use another way of connecting to DB from different win

forms?
Thanks



Nov 15 '05 #5
Thanks for the link, Dmitriy!

"Dmitriy Lapshin [C# / .NET MVP]" <x-****@no-spam-please.hotpop.com>
сообщил/сообщила в новостях следующее:
news:Or**************@TK2MSFTNGP12.phx.gbl...
Here's also a link to an article on securing connection strings:

http://www.dotnetwire.com/redirect.asp?newsid=5037

--
Dmitriy Lapshin [C# / .NET MVP]
X-Unity Test Studio
http://x-unity.miik.com.ua/teststudio.aspx
Bring the power of unit testing to VS .NET IDE

"Dmitry Karneyev" <ka******@msn.com> wrote in message
news:Oj*************@TK2MSFTNGP09.phx.gbl...
Thanks Dmitriy for your reply.
Actually I dont keep connection open. I symply copy connection string from
sqlconnection
object from form1 to sqlconnection objects in other forms.
And here is the problem with retrieving the password.

Is your variant 'good' from the side of cecurity?
What can you say about it ? Isn't it safe to keep connection string in

such
way?

Thanks.

"Dmitriy Lapshin [C# / .NET MVP]" <x-****@no-spam-please.hotpop.com>
сообщил/сообщила в новостях следующее:
news:O2**************@tk2msftngp13.phx.gbl...
Hi Dmitry,

You should not keep the connection open. Keep a connection string with the user name and the password in it in some configuration class accessible from
all of the forms. When you need to connect to the database, read the
connection string from the configuration and instantiate the SqlConnection object with the string retrieved.

--
Dmitriy Lapshin [C# / .NET MVP]
X-Unity Test Studio
http://x-unity.miik.com.ua/teststudio.aspx
Bring the power of unit testing to VS .NET IDE

"Dmitry Karneyev" <ka******@msn.com> wrote in message
news:Om**************@TK2MSFTNGP11.phx.gbl...
> Hi All!
>
> I've got an ado.net app with several win forms.
> In the first form (form1) I connect to DB and in other forms I use
> connection string generated by the form1 and stored in
sqlconnection object
> of form1.
> If I use windows authorization of SQL Server everything works fine,

but when
> I use SQL Server authorization it doesn't work because sqlconnection object
> doesn't store the password and as a result of retrieving connection
string
> from this object
> I get connection string without password.
>
> I know about "Persist Security Info". But setting it to true is not
> reccomended.
>
> Does anyone could help me to find a solution ?
> Or should I use another way of connecting to DB from different win

forms?
>
> Thanks
>
>


Nov 15 '05 #6

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

17
by: AMC | last post by:
Hi, I'm using an include file to store the connection string to a database. Whenever I try to reference that string to open a connection in the page that includes the file I get the error 'empy...
0
by: Jay Douglas | last post by:
Hello, I'm trying to create a Data Links Property window that behaves just like the dialog box in Visual Studio .Net for MS Sql Server connections. I've found a lot of examples that use...
5
by: Matt | last post by:
Hello, What is the best way to handle the database connection string for a class library project that will be compiled and used as a .dll? This .dll will be accessed via classic ASP and in...
37
by: sam44 | last post by:
Hi, At startup the user log on and chooses the name of a client from a dropdownlist, which then changes dynamically the connection string (the name of the client indicates which database to use)....
1
by: Sankalp | last post by:
Hi, I am using VB 2005. My application has many data bound controls. The connection is stored in the app.config file. I want the application to start with a default connection string and while...
3
by: fniles | last post by:
In the Windows application (using VB.NET 2005) I use connection pooling like the following: In the main form load I open a connection using a connection string that I stored in a global variable...
6
Cintury
by: Cintury | last post by:
Hi all, I've developed a mobile application for windows mobile 5.0 that has been in use for a while (1 year and a couple of months). It was developed in visual studios 2005 with a back-end sql...
0
by: Robert Avery | last post by:
In VBA/VB6, I had a class (incomplete sample below) that watched and displayed for the user all connection events, so that I could easily see what SQL was taking a long time, and when it freezes, I...
2
by: Johnson | last post by:
I'm trying to fix a "sub optimal" situation with respect to connection string management. Your thoughtful responses will be appreciated. I just started with a new client who has a bunch of legacy...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you▓ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
1
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
1
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...
0
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.