How do I override the connection string property in a derived class

  • Thread starter Thread starter syd
  • Start date Start date
S

syd

Working for a large corporation, They get quite anal about security.
Currently we use an in house deceloped active x control to dispense
connections to databases. Each DB having different credentials.

Now that we are settling on dotnet as the preferred platform, I have to
duplicate this functional for the ADONET platform. I have a class to
securely store/retrieve the connections strings in the registry.

I am working on a class to wrap around the DAAB but I realized that if I
return a connection object to the user (or any database based object) a
Clever developer can get the connection string since it is a property of
the connection object.

I have read a little about hiding in a derived class a method, but am
completely lost when putting it in practice.

How do I override the connection string property in a derived class (from
system.data...) and have the connection string come back blank (or null)
preserving all the other method properties of the connection object?
Plus I guess if the answer is yes a little stub of how this magic is
accomplished would be stellar.
 
You can request that the ConnectionString NOT persist the security
information, but that's about it.
Me.SqlConnection1.ConnectionString = "workstation id=BETAV1;application
name=VBTest;packet size=4096;user id=Admin;data source=betav7;persist
security info=False;initial catalog=biblio"

there will be a few more options in ADO 2.0.


--
____________________________________
William (Bill) Vaughn
Author, Mentor, Consultant
Microsoft MVP
www.betav.com
Please reply only to the newsgroup so that others can benefit.
This posting is provided "AS IS" with no warranties, and confers no rights.
__________________________________
 
syd,
I definitely like to hear about companies that are anal about security, it
is a good trend. I have to say one thing though, if you are currently
returning a connection in your current active x control or if your activex
control connects to the database directly from the client then you must be
fooling yourself if you believe that a "Clever developer" does not have
access to the log in information. I can definitely guarantee that you will
not be able to hide this information in .NET.

If you absolutely require to hide connection information from the client
side developer (or user) the _only_ possible solution is to completely hide
the database from him. For example you could make a web service that exposed
methods ExecuteNonQuery for non row returning queries and DataSets for
Selects. Then you would need to place this web service in a secure computer
and make the database only visible to the web service machine.

If you give an unsafe user administrative access to a machine that connects
to your database there is no way to call that database secure. Period.

--
Angel Saenz-Badillos [MS] Managed Providers
This posting is provided "AS IS", with no warranties, and confers no
rights.Please do not send email directly to this alias.
This alias is for newsgroup purposes only.
I am now blogging about ADO.NET: http://weblogs.asp.net/angelsb/
 
Back
Top