Home | Forums | Contact | Search | Syndication  
 
 [login] [create account]   Monday, November 25, 2024 
 
slxdeveloper.com Community Forums  
   
The Forums on slxdeveloper.com are now retired. The forum archive will remain available for the time being. Thank you for your participation on slxdeveloper.com!
 Web Forums - ASP/ASP.NET/Web Services/Other
Forum to discuss building external web applications for SalesLogix. View the code of conduct for posting guidelines.
Forums RSS Feed


 Back to Forum List | Back to ASP/ASP.NET/Web Services/Other | New ThreadView:  Search:  
 Author  Thread: Avoid hardcoded connection string
Steve Knowles
Posts: 657
Top 10 forum poster: 657 posts
 
Avoid hardcoded connection stringYour last visit to this thread was on 1/1/1970 12:00:00 AM
Posted: 14 Apr 08 3:11 PM
I have a .net web service that updates a table in the slx db. I want to use the SLX OLEDB provider to facilitate creating sync logs. Currently I have the username and password hardcoded into the connection string, but I would like to avoid this as I would have to update the webservice code if the password changes. I would also like to avoid putting the password in the web.config file. What other options do I have here? This is my current connection string:
ConnectionStr = "Provider=SLXOLEDB.1assword=nothepasswordersist Security Info=True;User ID=admin;Initial Catalog=PWMSLXTEST;Data Source=PWMSLXTEST;Extended Properties=PORT=1706;LOG=ON;CASEINSENSITIVEFIND=ON;AUTOINCBATCHSIZE=1;"

Thanks

[Reply][Quote]
Ryan Farley
Posts: 2265
slxdeveloper.com Site Administrator
Top 10 forum poster: 2265 posts
 
Re: Avoid hardcoded connection stringYour last visit to this thread was on 1/1/1970 12:00:00 AM
Posted: 14 Apr 08 6:21 PM
Well, you have to get the connection string from somewhere - which means you'll have to store it somewhere. IMO, nothing wrong with storing it in the web.config.

Other than that, you'd have to devise something tricky to grab it from somewhere else (such as store it in a database and use a trusted connection to connect to the database to grab it, then disconnect and reconnect using the new connection string, KWIM?)

-Ryan
[Reply][Quote]
Mark Dykun
Posts: 297
 
Re: Avoid hardcoded connection stringYour last visit to this thread was on 1/1/1970 12:00:00 AM
Posted: 15 Apr 08 6:31 AM
Steve,

It is standard practice to provide the connection string in web.config as Ryan mentioned. You could put the user and admin is a different file and encrypt those. With the OLEDb connection string the good thing is that the connection is pointing to the SalesLogix Alias in connection manager and not directly to the SQL server so it is limiting the surface area to the one database. Also there are guards in ASP.net to not allow a config file to be uploaded or displayed on a remote machine.

Mark
[Reply][Quote]
Trent Haynes
Posts: 32
 
Re: Avoid hardcoded connection stringYour last visit to this thread was on 1/1/1970 12:00:00 AM
Posted: 21 Aug 08 1:00 PM
I would recommend encrypting that entry in your webconfig file.
[Reply][Quote]
 Page 1 of 1 
  You can subscribe to receive a daily forum digest in your user profile. View the site code of conduct for posting guidelines.

   Forum RSS Feed - Subscribe to the forum RSS feed to keep on top of the latest forum activity!
 

 
 slxdeveloper.com is brought to you courtesy of Ryan Farley & Customer FX Corporation.
 This site, and all contents herein, are Copyright © 2024 Customer FX Corporation. The information and opinions expressed here are not endorsed by Sage Software.

code of conduct | Subscribe to the slxdeveloper.com Latest Article RSS feed
   
 
page cache (param): 11/25/2024 7:16:37 PM