This question is locked. New answers and comments are not allowed.
Hello
I read this article : http://docs.telerik.com/data-access/developers-guide/integrating-data-access-in-your-solution/data-access-tasks-deployment-connections-n-tier-applications
And i would like to know if it's possible to manage connection string Programatically,
i want to create a Partial Class EntitiesModel : to override the connection String in function of my Office,
It's my Office i get a local server and if it's server web remote , the remote connecting string.
I have a Variable for my Local Server or Remote Server , i would if it's possible to manage in Partial Class or other, for my Web App
thanks
Olivier
I read this article : http://docs.telerik.com/data-access/developers-guide/integrating-data-access-in-your-solution/data-access-tasks-deployment-connections-n-tier-applications
And i would like to know if it's possible to manage connection string Programatically,
i want to create a Partial Class EntitiesModel : to override the connection String in function of my Office,
It's my Office i get a local server and if it's server web remote , the remote connecting string.
I have a Variable for my Local Server or Remote Server , i would if it's possible to manage in Partial Class or other, for my Web App
thanks
Olivier
5 Answers, 1 is accepted
0
Olivier
Top achievements
Rank 2
Rank 2
answered on 26 Dec 2014, 09:03 PM
Hello
It's Resolved , i found a solution.
You Create a Partial Class like this
It's Resolved , i found a solution.
You Create a Partial Class like this
public partial class EntitiesModel { static EntitiesModel() { string cSqlServerString = "data source=myserver;Initial Catalog=mydatabase;Integrated Security=True;Persist Security Info=False;Asynchronous Processing=True; providerName=System.Data.SqlClient"; if (System.Net.Dns.GetHostName().ToLower().Contains("frontbackend")) { cSqlServerString = "Data Source=myserverbackend;Initial Catalog=mydatabase;Persist Security Info=True;User ID=mylogin;Password=mypassword;Asynchronous Processing=True;providerName=System.Data.SqlClient"; } connectionStringName = cSqlServerString; } }0
Hi Olivier,
The solution that you have found will work in your scenario, but has two issues:
Regards,
Viktor Zhivkov
Telerik
The solution that you have found will work in your scenario, but has two issues:
- Security issue - your connection string will be compiled in the assembly and can easily be read by anyone having the file and a decompiler. This exposes not only your database server's name, but also some credentials.
- Maintainability issue - in case you need to change any part of the connection string you will have to build and re-deploy new version of your assembly. In some cases this might by easy thing to do, but in most production applications it won't be.
Regards,
Viktor Zhivkov
Telerik
OpenAccess ORM is now Telerik Data Access. For more information on the new names, please, check out the Telerik Product Map.
0
Olivier
Top achievements
Rank 2
Rank 2
answered on 29 Dec 2014, 09:48 AM
Hello Viktor,
If i use web.config, anyone can easily read if the get this without decompiler ? (Yes or Not) ?
If i use app.config (i have two project the main app and the entity project to simplify this.),
i need to store this file (app.config) in the main project or the entity project ?
The app.config has need to deploy on the website ? or it's compiled in the dll ?
thanks
olivier
If i use web.config, anyone can easily read if the get this without decompiler ? (Yes or Not) ?
If i use app.config (i have two project the main app and the entity project to simplify this.),
i need to store this file (app.config) in the main project or the entity project ?
The app.config has need to deploy on the website ? or it's compiled in the dll ?
thanks
olivier
0
Olivier
Top achievements
Rank 2
Rank 2
answered on 29 Dec 2014, 09:51 AM
Hello Viktor,
If i use Web.config, the file can be read by anyone getting the file, it's the same problem ? (or you see other)
I have two project the main app and the data access project, if i use app.config, i need to store, in the main or the data Access Project ? i need to deploy the app.config on the website ? or it's compiled on the dll ?
thanks olivier
If i use Web.config, the file can be read by anyone getting the file, it's the same problem ? (or you see other)
I have two project the main app and the data access project, if i use app.config, i need to store, in the main or the data Access Project ? i need to deploy the app.config on the website ? or it's compiled on the dll ?
thanks olivier
0
Hello Olivier,
Usually the config files for production environment are managed by the person responsible for the deployment and management of the system and are modified on the same machines as they are deployed to reduce the risk of being compromised between the development and the deployment process. In such scenario if an unauthorized person gets access to the production configuration files on your production machine you are already in big trouble because you have a security breach.
On the other hand while your assemblies are still sensitive they contain (or should contain) less security critical details while they are passing between different development, testing and integration workflows. So if a malicious person acquires any of them he/she may gain knowledge of the system's routines, but not where exactly the data is coming which gives you another layer of protection.
For your scenario with two separate projects you need to specify the configuration in the app.config file of the executable (your Windows or Console application) or in the web.config of your web application. For a web site you will use a web.config file in the root web site folder and it will not be compiled in the assembly.
If you need any further assistance do not hesitate to contact us.
Regards and Happy New Year,
Viktor Zhivkov
Telerik
Usually the config files for production environment are managed by the person responsible for the deployment and management of the system and are modified on the same machines as they are deployed to reduce the risk of being compromised between the development and the deployment process. In such scenario if an unauthorized person gets access to the production configuration files on your production machine you are already in big trouble because you have a security breach.
On the other hand while your assemblies are still sensitive they contain (or should contain) less security critical details while they are passing between different development, testing and integration workflows. So if a malicious person acquires any of them he/she may gain knowledge of the system's routines, but not where exactly the data is coming which gives you another layer of protection.
For your scenario with two separate projects you need to specify the configuration in the app.config file of the executable (your Windows or Console application) or in the web.config of your web application. For a web site you will use a web.config file in the root web site folder and it will not be compiled in the assembly.
If you need any further assistance do not hesitate to contact us.
Regards and Happy New Year,
Viktor Zhivkov
Telerik
OpenAccess ORM is now Telerik Data Access. For more information on the new names, please, check out the Telerik Product Map.