ConnectionString - Level Extreme

Level Extreme platform

Subscription

Corporate profile

Products & Services

Support

Legal

Français

ConnectionString

Message

From

25/05/2004 01:57:29

Stephen Lee
Client Marketing Systems, Inc.
Pismo Beach, California, United States

24/05/2004 17:31:47

Simon Clark
Sjc Systems Limited
Market Harborough, United Kingdom

General information

Forum:

ASP.NET

Category:

The Mere Mortals .NET Framework

Title:

Re: ConnectionString

Miscellaneous

Thread ID:

00905114

Message ID:

00906794

Views:

>Have you considered someone using Excel next to your application and >connecting directly to your SQL Server to pull data out?

This is the exact reason why I want to change the connection string after the user is validated. I store a username and password in the app.config file for initial user validation. This particular SQL user has only one security right, which is the ability to call a "User Validation" store procedure and nothing else. This way, if someone get the username and password off the app.config file, they can't look at any data or do any damage.

The returning dataset of the successful user validation contains a new SQL username and password which have full access to the database.

Stephen Lee

--------------------------------
Too much to code
Too little time
--------------------------------

Map

View

Click here to load this message in the networking platform