By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
460,031 Members | 1,248 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 460,031 IT Pros & Developers. It's quick & easy.

How can I have a user select a local MS SQL database using vb.net? TIA SAL

P: n/a
Greets

I have sucessfully created a sql database and vb.net program locally connecting to my local server.
(I used visual studio 2003)
I would like to send the database along with the compiled vb.net code to the user. The problem is the users
machine and msde server are going to have different names. How do I change this in my code to have
the user select thier sql server and sql database located locally on his/her machine.

PS the user will have msde installed

TIA
Nov 21 '05 #1
Share this Question
Share on Google+
5 Replies


P: n/a
See if this helps

http://www.thecodeproject.com/database/serverenum.asp

http://www.winnetmag.com/SQLServer/A...821/19821.html

Thank You,
rawCoder
<sa*@spp.net> wrote in message
news:au******************@bignews5.bellsouth.net.. .
Greets

I have sucessfully created a sql database and vb.net program locally connecting to my local server. (I used visual studio 2003)
I would like to send the database along with the compiled vb.net code to the user. The problem is the users machine and msde server are going to have different names. How do I change this in my code to have the user select thier sql server and sql database located locally on his/her machine.
PS the user will have msde installed

TIA

Nov 21 '05 #2

P: n/a

You shouldn't be storing the connection in your code. Store it in the config file or registry. If
the data is sensitive be sure and encrypt the string as well.

hth
Richard
Nov 21 '05 #3

P: n/a
Richard,

I have seen this on MSDN as well. However I do not understand the last
sentence, can you tell me why?
You shouldn't be storing the connection in your code. Store it in the
registry. If the data >is sensitive be sure and encrypt the string as
well.


This implies for me that the registry of a Microsoft Webserver is insecure,
even for people who are not able to decrypt a string.

Cor
Nov 21 '05 #4

P: n/a
Hi Cor,

Its just a general design strategy of reducing the attack surface of an application/security in
depth.

Often times people build these fortresses with really high walls but once your inside your free to
roam about the softest of centers. By encrypting the connection string (if it contains the username
and password of SQL logon account rather than integrated security) you create yet another defense
against attack.i.ebake security into every layer of your application right from the get go. Dont
rely on a single component for all aspects of security.

Just becuase they can hack a server doesn;t mean they access they can access the registry. But if as
in my previous post you are storing to the config file then they wont need too.

With respect to the registry, you might then say that if the server is breached such that the
attacker could access the registry then they might not even need the registry key to get at the SQL
data. You might be right, but given the simplicity of encryption in dotNet framework i see little
penalty for the encryption of a registry value and as a course of habit, to me it makes sense to do
it.

Its only got to prove its merit once.

Oao
Richard

"Cor Ligthert" <no************@planet.nl> wrote in message
news:%2****************@TK2MSFTNGP14.phx.gbl...
Richard,

I have seen this on MSDN as well. However I do not understand the last
sentence, can you tell me why?
You shouldn't be storing the connection in your code. Store it in the
registry. If the data >is sensitive be sure and encrypt the string as
well.


This implies for me that the registry of a Microsoft Webserver is insecure,
even for people who are not able to decrypt a string.

Cor

Nov 21 '05 #5

P: n/a
Richard,
With respect to the registry, you might then say that if the server is
breached such that the
attacker could access the registry then they might not even need the
registry key to get at the SQL
data. You might be right, but given the simplicity of encryption in dotNet
framework i see little
penalty for the encryption of a registry value and as a course of habit,
to me it makes sense to do
it.

Exactly that above would have been my next message when you had not written
it, however about the complete context of your message we agree.

(I expressly deleted the config file from your message, I understand that
you saw that)

Cor
Nov 21 '05 #6

This discussion thread is closed

Replies have been disabled for this discussion.