Manage Connection String

6 posts, 0 answers
  1. Olivier
    Olivier avatar
    146 posts
    Member since:
    Nov 2010

    Posted 26 Dec 2014 Link to this post

    Hello

    I read this article : http://docs.telerik.com/data-access/developers-guide/integrating-data-access-in-your-solution/data-access-tasks-deployment-connections-n-tier-applications

    And i would like to know if it's possible to manage connection string Programatically,

    i want to create a Partial Class EntitiesModel : to override the connection String in function of my Office,
    It's my Office  i get a local server and if it's server web remote , the remote connecting string.

    I have a Variable for my Local Server or Remote Server , i would if it's possible to manage in Partial Class or other, for my Web App

    thanks
    Olivier
  2. Olivier
    Olivier avatar
    146 posts
    Member since:
    Nov 2010

    Posted 26 Dec 2014 Link to this post

    Hello

    It's Resolved , i found a solution.

    You Create a Partial Class like this

    public partial class EntitiesModel
      {
     
          
          static EntitiesModel()
          {
               
              string cSqlServerString = "data source=myserver;Initial Catalog=mydatabase;Integrated Security=True;Persist Security Info=False;Asynchronous Processing=True; providerName=System.Data.SqlClient";
              if (System.Net.Dns.GetHostName().ToLower().Contains("frontbackend")) {
                  cSqlServerString = "Data Source=myserverbackend;Initial Catalog=mydatabase;Persist Security Info=True;User ID=mylogin;Password=mypassword;Asynchronous Processing=True;providerName=System.Data.SqlClient";
              }
              connectionStringName = cSqlServerString;
     
          }
     
      }



  3. DevCraft banner
  4. Viktor Zhivkov
    Admin
    Viktor Zhivkov avatar
    291 posts

    Posted 29 Dec 2014 Link to this post

    Hi Olivier,

    The solution that you have found will work in your scenario, but has two issues:
    1. Security issue - your connection string will be compiled in the assembly and can easily be read by anyone having the file and a decompiler. This exposes not only your database server's name, but also some credentials.
    2. Maintainability issue - in case you need to change any part of the connection string you will have to build and re-deploy new version of your assembly. In some cases this might by easy thing to do, but in most production applications it won't be.
    Fortunately there is an easy solution for both problems - you can put both connection strings in a app.config/web.config file, give them different names and just switch the names in your code as you are currently doing. Telerik Data Access will resolve the connection string from the config file by its name automatically so you need to only provide only the name.
     
    Regards,
    Viktor Zhivkov
    Telerik
     
    OpenAccess ORM is now Telerik Data Access. For more information on the new names, please, check out the Telerik Product Map.
     
  5. Olivier
    Olivier avatar
    146 posts
    Member since:
    Nov 2010

    Posted 29 Dec 2014 Link to this post

    Hello Viktor,

    If i use web.config, anyone can easily read if the get this without decompiler ? (Yes or Not) ?

    If i use app.config (i have two project the main app and the entity project to simplify this.),
    i need to store this file (app.config) in the main project or the entity project ?

    The app.config has need to deploy on the website ? or it's compiled in the dll ?

    thanks
    olivier
  6. Olivier
    Olivier avatar
    146 posts
    Member since:
    Nov 2010

    Posted 29 Dec 2014 Link to this post

    Hello Viktor,

    If i use Web.config, the file can be read by anyone getting the file, it's the same problem ? (or you see other)

    I have two project the main app and the data access project, if i use app.config, i need to store, in the main or the data Access Project ? i need to deploy the app.config on the website ? or it's compiled on the dll ?

    thanks olivier
  7. Viktor Zhivkov
    Admin
    Viktor Zhivkov avatar
    291 posts

    Posted 30 Dec 2014 Link to this post

    Hello Olivier,

    Usually the config files for production environment are managed by the person responsible for the deployment and management of the system and are modified on the same machines as they are deployed to reduce the risk of being compromised between the development and the deployment process. In such scenario if an unauthorized person gets access to the production configuration files on your production machine you are already in big trouble because you have a security breach.
    On the other hand while your assemblies are still sensitive they contain (or should contain) less security critical details while they are passing between different development, testing and integration workflows. So if a malicious person acquires any of them he/she may gain knowledge of the system's routines, but not where exactly the data is coming which gives you another layer of protection.

    For your scenario with two separate projects you need to specify the configuration in the app.config file of the executable (your Windows or Console application) or in the web.config of your web application. For a web site you will use a web.config file in the root web site folder and it will not be compiled in the assembly. 

    If you need any further assistance do not hesitate to contact us.

    Regards and Happy New Year,
    Viktor Zhivkov
    Telerik
     
    OpenAccess ORM is now Telerik Data Access. For more information on the new names, please, check out the Telerik Product Map.
     
Back to Top
DevCraft banner