Home
|
Forums
|
Contact
|
Search
|
Syndication
[login]
[create account]
Monday, November 25, 2024
slxdeveloper.com
Home
Search
Contact us
About slxdeveloper
Syndication
Community
Forums
(NEW!)
Newsletter Archive
Members
Your Profile
Submit Article
General
Administration
(6)
OLE DB Provider
Miscellaneous
(2)
Architect
VBScript
(9)
ActiveX Controls
(6)
How To's
(14)
.NET Extensions
(3)
External
OLE DB Provider
(12)
SLAPI (SlgxApi.dll)
SalesLogix COM
(1)
Web
ASP/ASP.NET
(2)
Web Services
Web Client
Downloads
Samples
(17)
Documentation
(7)
Utilities
(18)
Resources
SalesLogix
(3)
Programming
(1)
11/25/2024 6:22:46 PM
slxdeveloper.com Community Forums
The Forums on slxdeveloper.com are now retired. The forum archive will remain available for the time being. Thank you for your participation on slxdeveloper.com!
Web Forums - ASP/ASP.NET/Web Services/Other
Forum to discuss building external web applications for SalesLogix. View the
code of conduct
for posting guidelines.
Forums RSS Feed
Back to Forum List
|
Back to ASP/ASP.NET/Web Services/Other
|
New Thread
View:
Dynamic
Flat
Tree
Search:
Author
Thread: Avoid hardcoded connection string
Steve Knowles
Posts: 657
Avoid hardcoded connection string
Posted: 14 Apr 08 3:11 PM
I have a .net web service that updates a table in the slx db. I want to use the SLX OLEDB provider to facilitate creating sync logs. Currently I have the username and password hardcoded into the connection string, but I would like to avoid this as I would have to update the webservice code if the password changes. I would also like to avoid putting the password in the web.config file. What other options do I have here? This is my current connection string:
ConnectionStr = "Provider=SLXOLEDB.1
assword=nothepassword
ersist Security Info=True;User ID=admin;Initial Catalog=PWMSLXTEST;Data Source=PWMSLXTEST;Extended Properties=PORT=1706;LOG=ON;CASEINSENSITIVEFIND=ON;AUTOINCBATCHSIZE=1;"
Thanks
[
Reply
][
Quote
]
Ryan Farley
Posts: 2265
Re: Avoid hardcoded connection string
Posted: 14 Apr 08 6:21 PM
Well, you have to get the connection string from somewhere - which means you'll have to store it somewhere. IMO, nothing wrong with storing it in the web.config.
Other than that, you'd have to devise something tricky to grab it from somewhere else (such as store it in a database and use a trusted connection to connect to the database to grab it, then disconnect and reconnect using the new connection string, KWIM?)
-Ryan
[
Reply
][
Quote
]
Mark Dykun
Posts: 297
Re: Avoid hardcoded connection string
Posted: 15 Apr 08 6:31 AM
Steve,
It is standard practice to provide the connection string in web.config as Ryan mentioned. You could put the user and admin is a different file and encrypt those. With the OLEDb connection string the good thing is that the connection is pointing to the SalesLogix Alias in connection manager and not directly to the SQL server so it is limiting the surface area to the one database. Also there are guards in ASP.net to not allow a config file to be uploaded or displayed on a remote machine.
Mark
[
Reply
][
Quote
]
Trent Haynes
Posts: 32
Re: Avoid hardcoded connection string
Posted: 21 Aug 08 1:00 PM
I would recommend encrypting that entry in your webconfig file.
[
Reply
][
Quote
]
Page 1 of 1
You can subscribe to receive a daily forum digest in your
user profile
. View the site
code of conduct
for posting guidelines.
Forum RSS Feed
-
Subscribe to the forum RSS feed to keep on top of the latest forum activity!
slxdeveloper.com is brought to you courtesy of
Ryan Farley
&
Customer FX Corporation
.
This site, and all contents herein, are Copyright © 2024 Customer FX Corporation. The information and opinions expressed here are not endorsed by Sage Software.
code of conduct
|
page cache (param): 11/25/2024 7:16:37 PM