Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How is everyone storing connectionstrings?

I was wondering if people could post their solution to the ongoing problem of local databases and different connectionstrings among many developers in one project within source control?

More specifically, I'm talking about the problem where a project that is in source control and has many developers with a local database each. Each developer has their own connection string (named instance, default instance, machine name, username, password, etc). Every check in overrides the previous version and pulling the latest version results in using someone else's connection string.

So, people, which solution are you using for this problem? Extra points for explanations on why their solution works, pros, and cons.

EDIT Keep in mind that this answer shouldn't be targeted only to an enterprise environment where you have full control of the setup. The right solution should work for everyone: enterprise, startup, and open source devs.

Thanks!

like image 942
Jonas Stawski Avatar asked May 09 '12 21:05

Jonas Stawski


People also ask

Where are connectionStrings stored?

Connection strings can be stored as key/value pairs in the connectionStrings section of the configuration element of an application configuration file. Child elements include add, clear, and remove. The following configuration file fragment demonstrates the schema and syntax for storing a connection string.

What is the best way to store the connection string?

The best way to secure the database connection string is to encrypt the value within the configuration file. The application would then load the encrypted value from the config file, decrypt the value, and then use the decrypted value as the connection string to connect to the database.

Should you store connection string information?

A connection string presents a potential vulnerability if it is not secured. Storing connection information in plain text or persisting it in memory risks compromising your entire system.

Which is the best place to store connection string in .NET projects?

Answers. The best place, I would say, is in the web. config. And, since 2.0, you can encrypt the connection strings out of the box.


1 Answers

To me, your question seems to imply one of two outcomes:

  1. A connection string is specified in the Web.config file that is generic enough to work for all local versions of the database. You've indicated that this isn't an ideal setup in environments where you don't have complete control.
  2. Each developer is required to supply his or her own connection string that is never checked into source control.

A few others have already covered the first scenario. Use localhost and follow a convention for the database name. For option 2, I'd recommend specifying a config source that doesn't get checked into source control:

<configuration>
  <connectionStrings configSource="connectionStrings.config"/>
</configuration>

EDIT:

connectionStrings.config

<connectionStrings>
  <add name="Name" 
    providerName="System.Data.ProviderName" 
    connectionString="Valid Connection String;" />
</connectionStrings>

From: http://msdn.microsoft.com/en-us/library/ms254494(v=vs.80).aspx

connectionStrings.config would be a file in the root of the project that you specifically excluded from source control. Each developer would be required to provide this file when working locally. Your production connection string could be substituted via a Web.config transformation on build / deployment.

like image 107
Nathan Donze Avatar answered Oct 07 '22 04:10

Nathan Donze