Open mikepizzo opened 8 years ago
What would we do differently with the sensitive portions of the connection string? String encryption is already possible (just encrypt the data before putting it in the connection string), and anything too sensitive to be persisted in the registry or an ini file can be acquired via prompts or role based access when the driver sees that the information is not present in the connection string it received.
Connection strings "contain all the information needed to establish a connection". While some of this information is used to identify the data source (i.e., server name), some of this information may be sensitive client-specific information (such as credentials).
It is often-time desirable to store the information needed to identify a datasource, to re-use across clients and applications, without storing the client-specific credentials.
Should we provide a general way to separate client-specific credential information from information identifying a data source a connection string?