How sqlConnection hides connection string password

Question

How sqlConnection hides connection string password

I am making a component that uses some data to connect to the database, this data includes the user ID and password, it stores these values in private variables, but any programmer can see the value in the debugger after initialization, so I wonder how SqlConnection does. to hide this value, when I see the value of the ConnectionString property, I see all the information except the password, its storage somewhere, but it does not make it visible even in the debugger, I don’t see any variable that, while saving the password, I know what i can secure password with SecureString, but I'm wondering how to implement the SqlConnection object.

Thanks.

Juan Zamudio

+5

.net ado.net

Juan zamudio Dec 11 '08 at 6:52

source share

1 answer

Vinko Vrsalovic · Answer 1 · 2008-12-11T07:54:18+0000

From the manual :

ConnectionString is similar to OLE DB, but not identical. Unlike OLE DB or ADO, the returned connection string is the same as the ConnectionString user set, minus the security information if Persist Security Info is set to false (default). The .NET Framework Data Provider for SQL Server is not saved and the password is not returned in the connection string unless you set Persist Security Info to true.

I am not sure how this is implemented. My unverified assumption is that it populates the structure with security parameters, which it then sends to the server, and never saves them unless you set Persist Security Info to true.

How sqlConnection hides connection string password

More articles: