Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

how sqlConnection hides the password of the connection string

Tags:

.net

ado.net

I'm making a component which uses some data to connect to a database, this data includes user id and password, it store those values in private variables but any programmer can see the value in the debugger after the initialization, so I'm wondering how the SqlConnection does to hide that value, when I see the value of the property ConnectionString I see all the info except the password, its storing it somewhere but its not making it visible, even in the debugger i cant see any variable that's storing the password, I know i can secure the password using SecureString but I'm wondering how is the implementation of SqlConnection object.

Thanks.

Juan Zamudio

like image 994
Juan Zamudio Avatar asked Dec 11 '08 06:12

Juan Zamudio

People also ask

Does using SqlConnection open connection?

The SqlConnection is opened and set as the Connection for the SqlCommand. The example then calls ExecuteNonQuery. To accomplish this, the ExecuteNonQuery is passed a connection string and a query string that is a Transact-SQL INSERT statement. The connection is closed automatically when the code exits the using block.

Does using SqlConnection close connection?

The sqlConnection will close the connection after it will pass using block and call Dispose method.

What is connection string in SqlConnection?

The connection string is an expression that contains the parameters required for the applications to connect a database server. In terms of SQL Server, connection strings include the server instance, database name, authentication details, and some other settings to communicate with the database server.

1 Answers

From the manual:

The ConnectionString is similar to an OLE DB connection string, but is not identical. Unlike OLE DB or ADO, the connection string that is returned is the same as the user-set ConnectionString, minus security information if the Persist Security Info value is set to false (default). The .NET Framework Data Provider for SQL Server does not persist or return the password in a connection string unless you set Persist Security Info to true.

I'm not sure about how this is implemented. My unverified guess is that it fills a structure with the security parameters it then sends to the server, never actually storing them unless you set Persist Security Info to true.

like image 146
Vinko Vrsalovic Avatar answered Oct 19 '22 23:10

Vinko Vrsalovic
Sign in to Comment

Related questions

Why F#'s default set collection is sorted while C#'s isn't?
What is the reason for Task.IsCompleted to use cached flags?
Why isn't ConsoleAppender configured in app.config causing logs to write to the console?
Ajax Calls Return 401 When .NET Core Site Is Deployed
How to observe tasks that are not awaited due to failure in another awaited task in C#?
Using NuGet libraries in an Unmanaged C# .NET library project
Azure Pipelines: "Error NETSDK1004: Assets file '...\project.assets.json' not found." in Pipeline when caching Nuget packages with Cache@2 task
NSwag vs Swashbuckle
C#: Out of memory during dotnet build after migrate to NET 5
WinForms databinding and foreign key relationships
Optimizing/Customizing Sharepoint Search Crawling
Is there a way to return different types from a WCF REST method?
Using an ObservableCollection<T> with Background Threads
Feed paper on POS Printer C#
Is there a .net analogue to the Boost libraries?
rhino-mocks - good sample apps
What is the best mechanism for storing authentication settings in a WinForms app
WCF javascript proxy not found when endpoint address is not blank
Typed DataSet connection - required to have one in the .xsd file?
Determine if current user is a domain or local user?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!