You are using Microsoft Visual Studio 2010 and Microsoft.NET Framework 4 to create an application. The application connects to the Microsoft SQL Server 2008 database. The application uses the Microsoft ADO.NET SQL Server Managed Provider. If the connection fails, the application logs the connection information, including the full connection string. Information is stored as plain text in a .config file.
You need to make sure that the database credentials are protected.
What connection string should be added to the .config file?
A. Data Source = myServerAddress; Start Directory = myDataBase; Integrated Security = SSPI; Persist Security Info = false;
B. Data Source = myServerAddress; Start Directory = myDataBase; Integrated Security = SSPI; Persist Security Info = true;
C. Data Source = myServerAddress; Start Directory = myDataBase; User Id = myUsername; Password = myPassword; Persist Security Info = false;
D Data Source = myServerAddress; Start Directory = myDataBase; User Id = myUsername; Password = myPassword; Persist Security Info = true;
According to the manual, the answer is "A". But, in my opinion, the answer is "C". If we use Integrated Security = SSPI, we do not need to specify UserID and Password. Thus, Persist Security Info = false has no effect.
As far as I know, Persist Security Info only takes effect if there are User Credentials in the connection string.
Could you advise me which one is correct? Thanks.
source share