General discussion

Locked

Store database connection settings

By MaryWeilage Editor ·
This week's .NET newsletter provides instructions on how to store database connection settings.

In the final paragraph, author Tony Patton says: "In the end, the ultimate decision is yours. You may choose to place the connection string directly within the application if security and maintenance is not an issue. The same is true with the use of a configuration or XML file and registry entries." Please let us know which method you prefer.

If you aren't subscribed to our free .NET newsletter, click the following link to automatically sign up:
http://nl.com.com/MiniFormHandler?brand=builder&subs_channel=bldr_front_door&list_id=e605&tag=fb

This conversation is currently closed to new comments.

11 total posts (Page 2 of 2)   Prev   01 | 02
Thread display: Collapse - | Expand +

All Comments

Collapse -

Make it less obvious...

by raakesh.kotecha In reply to Store database connection ...

Encryption and tighter Security are all fine.

But, how about not giving hints to what these actual 'settings' are for in the first place...

I've yet to see an article on Security which encourages developers to divert the attention of potential hackers away from the really useful data that many developers hold in plain text config files.

Instead of using words such as
"database" , "Connection", "UserID", "PWD" etc which already hint as what these are use generic, ambiguous words such as say: "Screen", "Title", "Xpos", "Ypos" - almost anything that you can come up with that looks like the usual settings...

Obviously as the developer you know what real meaning they hold but 'hackers' will be concentrating on database userid pwd etc !

Back to Web Development Forum
11 total posts (Page 2 of 2)   Prev   01 | 02

Related Discussions

Related Forums