This is a migrated thread and some comments may be shown as answers.

Manage Connection String

General Discussions
Olivier
Olivier asked on 26 Dec 2014, 05:35 PM
Hello

I read this article: http://docs.telerik.com/data-access/developers-guide/integrating-data-access-in-your-solution/data-access-tasks-deployment-connections-n-tier-applications

And I would like to know if it's possible to manage the connection string programmatically.

I want to create a partial class EntitiesModel to override the connection string depending on my office:
if it's my office, I get a local server, and if it's the remote web server, the remote connection string.

I have a variable for my local server or remote server; I would like to know if it's possible to manage this in a partial class or otherwise, for my web app.

Thanks
Olivier

5 Answers, 1 is accepted

0
Olivier
answered on 26 Dec 2014, 09:03 PM
Hello

It's resolved, I found a solution.

You create a partial class like this:

public partial class EntitiesModel
{
    // Static constructor: runs once, before the class is first used.
    static EntitiesModel()
    {
        // Default: the server reached with integrated (Windows) security.
        string cSqlServerString = "data source=myserver;Initial Catalog=mydatabase;Integrated Security=True;Persist Security Info=False;Asynchronous Processing=True; providerName=System.Data.SqlClient";

        // When the host name contains "frontbackend", switch to the backend server with a SQL login.
        if (System.Net.Dns.GetHostName().ToLower().Contains("frontbackend"))
        {
            cSqlServerString = "Data Source=myserverbackend;Initial Catalog=mydatabase;Persist Security Info=True;User ID=mylogin;Password=mypassword;Asynchronous Processing=True;providerName=System.Data.SqlClient";
        }

        // connectionStringName is declared in the other part of this partial class.
        connectionStringName = cSqlServerString;
    }
}

0
Viktor Zhivkov
Telerik team
answered on 29 Dec 2014, 09:38 AM
Hi Olivier,

The solution that you have found will work in your scenario, but has two issues:
  1. Security issue - your connection string will be compiled in the assembly and can easily be read by anyone having the file and a decompiler. This exposes not only your database server's name, but also some credentials.
  2. Maintainability issue - in case you need to change any part of the connection string, you will have to build and re-deploy a new version of your assembly. In some cases this might be an easy thing to do, but in most production applications it won't be.

Fortunately, there is an easy solution for both problems - you can put both connection strings in an app.config/web.config file, give them different names and just switch the names in your code as you are currently doing. Telerik Data Access will resolve the connection string from the config file by its name automatically, so you only need to provide the name.
 
Regards,
Viktor Zhivkov
Telerik
 
OpenAccess ORM is now Telerik Data Access. For more information on the new names, please, check out the Telerik Product Map.
 
0
Olivier
answered on 29 Dec 2014, 09:48 AM
Hello Viktor,

If I use web.config, can anyone easily read it if they get this, without a decompiler? (Yes or no?)

If I use app.config (I have two projects, the main app and the entity project, to simplify this),
do I need to store this file (app.config) in the main project or the entity project?

Does the app.config need to be deployed on the website, or is it compiled in the DLL?

Thanks
Olivier
0
Olivier
answered on 29 Dec 2014, 09:51 AM
Hello Viktor,

If I use Web.config, the file can be read by anyone getting the file; is it the same problem? (Or do you see another?)

I have two projects, the main app and the data access project. If I use app.config, do I need to store it in the main or the data access project? Do I need to deploy the app.config on the website, or is it compiled in the DLL?

Thanks, Olivier
0
Viktor Zhivkov
Telerik team
answered on 30 Dec 2014, 04:26 PM
Hello Olivier,

Usually the config files for the production environment are managed by the person responsible for the deployment and management of the system, and are modified on the same machines as they are deployed to, to reduce the risk of being compromised between the development and the deployment process. In such a scenario, if an unauthorized person gets access to the production configuration files on your production machine, you are already in big trouble because you have a security breach.
On the other hand, while your assemblies are still sensitive, they contain (or should contain) less security-critical details while they are passing between different development, testing and integration workflows. So if a malicious person acquires any of them, he/she may gain knowledge of the system's routines, but not where exactly the data is coming from, which gives you another layer of protection.

For your scenario with two separate projects you need to specify the configuration in the app.config file of the executable (your Windows or Console application) or in the web.config of your web application. For a web site you will use a web.config file in the root web site folder and it will not be compiled in the assembly. 

If you need any further assistance do not hesitate to contact us.

Regards and Happy New Year,
Viktor Zhivkov
Telerik
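
Added example, not part of the original thread and not Telerik's own code: the name-switching approach described in the answers above, with both connection strings kept in the web.config of the web application instead of in the assembly. The names LocalConnection and BackendConnection and the helper ChooseConnectionName are assumptions made for illustration; connectionStringName is the field used in the code posted earlier in the thread.

```csharp
// web.config in the root folder of the web application (constructed sample,
// server names and login are the placeholders from the thread):
//
// <connectionStrings>
//   <add name="LocalConnection"
//        connectionString="data source=myserver;Initial Catalog=mydatabase;Integrated Security=True"
//        providerName="System.Data.SqlClient" />
//   <add name="BackendConnection"
//        connectionString="Data Source=myserverbackend;Initial Catalog=mydatabase;User ID=mylogin;Password=mypassword"
//        providerName="System.Data.SqlClient" />
// </connectionStrings>

using System;
using System.Configuration; // requires a reference to System.Configuration.dll
using System.Net;

public partial class EntitiesModel
{
    static EntitiesModel()
    {
        string name = ChooseConnectionName(Dns.GetHostName());

        // Fail at startup if the deployed config lacks the entry, rather than
        // on the first query. Thrown from a static constructor, this surfaces
        // as the InnerException of a TypeInitializationException.
        if (ConfigurationManager.ConnectionStrings[name] == null)
        {
            throw new ConfigurationErrorsException(
                "Connection string '" + name + "' is missing from the config file.");
        }

        // Only the name is compiled into the assembly; the server and the
        // credentials stay in the config file on the deployed machine.
        connectionStringName = name;
    }

    // Hypothetical helper: same host-name rule as the code earlier in the thread,
    // but it returns a config entry name instead of a full connection string.
    internal static string ChooseConnectionName(string hostName)
    {
        bool isBackend = hostName != null &&
            hostName.IndexOf("frontbackend", StringComparison.OrdinalIgnoreCase) >= 0;
        return isBackend ? "BackendConnection" : "LocalConnection";
    }
}
```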
 