Databases
StackOverflow2013
Postsdbo
PO
Body
 

Note that there are some explanatory texts on larger screens.

plurals
  1. PO
    text
    copied!<p>Your absolutely right the SecureString does not provide you with any benefit when you need to pass the string to a managed API, such as setting a ConnectionString.</p> <p>It's really designed for secure communication with secure non-managed APIs.</p> <p>Microsoft could theoretically consider enhancing SqlConnection object to support a secure ConnectionString, but I think they're unlikely to do so because:</p> <ul> <li><p>SecureString is really only useful in a client app, where e.g. a password is built character by character from user input, without ever having the whole password in a managed string.</p></li> <li><p>In such an environment, it's more common to be using Windows authentication for connections to SQL Server.</p></li> <li><p>On a server there are other ways to protect the SQL Server credentials, starting by limiting access to the server to authorized administrators.</p></li> </ul> <hr> <p><strong>2012</strong> </p> <p>Microsoft <em>did</em> enhance <strong><a href="https://msdn.microsoft.com/en-us/library/system.data.sqlclient.sqlconnection(v=vs.110).aspx" rel="nofollow noreferrer">SqlConection</a></strong> object to support a secure <strong>ConnectionString</strong> by passing a <strong><a href="https://msdn.microsoft.com/en-us/library/system.data.sqlclient.sqlcredential(v=vs.110).aspx" rel="nofollow noreferrer">SqlCredential</a></strong> to the new <strong><a href="https://msdn.microsoft.com/en-us/library/system.data.sqlclient.sqlconnection.credential(v=vs.110).aspx" rel="nofollow noreferrer">SqlConnection.Credential</a></strong> property:</p> <pre><code>SecureString pwd = AzureVault.GetSecretStringSecure("ProcessPassword"); SqlCredential = new SqlCredential("Richard", pwd) connection.Credential = cred; </code></pre> <p>Unfortunately no other <strong><a href="https://msdn.microsoft.com/en-us/library/system.data.common.dbconnection(v=vs.110).aspx" rel="nofollow noreferrer">DbConnection</a></strong> descendant <em>(e.g., OdbcConnection, OleDbConnection, OracleConnection, EntityConnection, DB2Connection)</em> supports it.</p>
 

Querying!

 
Guidance
An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload