| Author |
Topic |
|
sql_sam
Starting Member
1 Post |
 Posted - 2004-12-28 : 13:32:36
|
I'm trying to create a dll that uses a connection string to SQL Server so I can run queries or stored procedures. I'm am new to vb.net and am not sure what I need to do. Can anyone help?Thanks!  |
|
|
nr
SQLTeam MVY
12543 Posts |
|
|
jhermiz
3564 Posts |
Posted - 2004-12-28 : 15:14:26
|
| If this is an asp.net application you should be storing the connection string in the web.config file and not a seperate dll.JonA new beat on the web -- http://www.web-impulse.com |
 |
|
|
MichaelP
Jedi Yak
2489 Posts |
Posted - 2004-12-28 : 15:42:33
|
| ^^^ What he said. If it's a WinForms application it should be in the app.config file.Michael<Yoda>Use the Search page you must. Find the answer you will.</Yoda> |
|
|
|
joldham
Wiseass Yak Posting Master
300 Posts |
Posted - 2005-01-10 : 14:18:40
|
| Jon,Actually, it depends on what you want to do. I had an application and a requirement that the connection string not be visible as plain text on any page of the entire website. This prevented me from storing it in the web.config file. Instead, I placed it as a global application variable in the global.asax.vb file and compiled. This stored the string in the .dll compiled, therefore no plain text existed, except on my development machine. Normally, I would have used Trusted Connection, but multiple databases were being used on the DB server and would have opened the database up for anyone who knew the DB name to program a call to my database.Jeremy W. Oldham |
|
|
|
MichaelP
Jedi Yak
2489 Posts |
Posted - 2005-01-10 : 15:02:45
|
| Good point Jeremy, but what happens when something changes?If nothing every changes, your are fine. If something changes, you have to recompile your project. From a security point of view, I think that if someone got their hands on your DLL, they could easily decompile it and get your connection string. So, you are not really gaining anything security wise, but you are making maintence more difficult.That's why I think the web.config is just as good of a place as any. Michael<Yoda>Use the Search page you must. Find the answer you will.</Yoda> |
|
|
|
jhermiz
3564 Posts |
Posted - 2005-01-10 : 15:14:18
|
Jeremy,Who has access to the web.config file ?To me the location and security restrictions ensure that the web.config file isn't just a text file open for anyone.
Keeping the web experience alive -- [url]http://www.web-impulse.com[/url]
|
|
|
|
MichaelP
Jedi Yak
2489 Posts |
Posted - 2005-01-10 : 15:40:55
|
| ... and you cant' goto http://www.mysite.com/web.config either.Michael<Yoda>Use the Search page you must. Find the answer you will.</Yoda> |
|
|
|
joldham
Wiseass Yak Posting Master
300 Posts |
Posted - 2005-01-10 : 15:59:17
|
| Jon and Michael,As with most things, storing the string in a compiled DLL has it's disadvantages as mentioned by both. While the web.config file is not available through a browser interface, it is available in an intranet setting to anyone with rights to the folder. Again, this was not my requirement, but the requirement I was given. I obviously would want the permissions to be correct on the folder on the web server, but I did not have control over this.The only point I was trying to make is assuming that the connection string should be stored in the web.config is not always the right thing to do and that depending on the circumstances, storing it in a dll can be a viable option. The only gain you would get security wise is that most normal users would not have decompiler to use against the dll. You and I both know that a technically oriented user can do things most others can't.Jeremy W. Oldham |
|
|
|
ehorn
Master Smack Fu Yak Hacker
1632 Posts |
Posted - 2005-01-10 : 16:15:48
|
| You can also encrypt your web.config elements. http://www.obviex.com/CipherLite/Again this ends up being an "obscurity" method as Micheal points out (Decompilers). But a combination of encryption and obfuscation makes a decent protection layer.Also gives you the "best of both worlds" in that you don't require a recompile and the config file is not open to prying eyes. |
|
|
|
|
vb.net - dll connection string