ADO.NET link string storage and its use

Storage chain string

There are a variety of ways to store chain strings, each with different degrees of flexibility and security. Although the string is hardcoded in the source code, the file system cache ensures that performance loss associated with external storage strings outside the diploma system can be ignored. In fact, additional flexibility provided by external link strings (allowing administrators) is popular in any case. When you choose to store a chain string, the two important factors to consider are the security and simplicity of configuration, followed by performance. You can choose to store the database link string in the following locations: • Application profile, for example, a web.config file for ASP.NET web applications. • Universal Data Link File (UDL) (supported by OLE DB .NET Data Supply) • Windows Registry • Customized File • COM Directory Server can avoid the storage user name and password in the link string. If the safety requirements require more stringent, consider the memory of the links in an encrypted format. For ASP.NET web applications, the link string is stored in a web.config file in encryption format is a secure and configurable solution. Note that in the link string, set the Persist Security Info Names value to false, you can prevent the Connectionstring property of the SQLCONNECTION or OLEDBCONNECTION object to return to security sensitive content, such as passwords. The following sections discusses how to store chain strings with these methods and illustrate relative advantages and disadvantages. This allows you to make a corresponding choice based on a particular application environment.

Profile using an XML application profile You can use the element to store the database link string in the custom setting portion of the application configuration file. This element supports any keyword-value pair, as shown in the following code snippet: Note Elements Now below element, and cannot appear directly in . Advantages • Easy to deploy. The link string is deployed with the configuration file through regular .NET XCOPY deployment. • It is easy to access by the program. The appSettings property of the ConfigurationSettings class makes it easier to read the database link string at runtime. • Support dynamic updates (ASP.NET only). If the administrator updates the link string in the web.config file, the next time the change in the string is accessed, this is a stateless component, as the customer re-uses the components. Data Access. Request. Disadvantages • Security. Although the ASP.NET Internet Server Application Programming Interface (ISAPI) DLL blocks the customer from directly accessing the file with the .config extension, and NTFS file system permissions are also used to further restrict access, but you may still want to avoid these ways. The content is stored on the web server on the front end. To increase security, you need to store the link string in an encrypted format in the configuration file. MORE INFORMATION • Using the System.Configuration.ConfigurationSettings class AppSettings static properties, you can get custom settings for your application. As shown in the following code snippet, it is assumed here to set the set keyword for DBConnStr. Using system.configuration; private string getdbasettings.appsettings ["dbconnstr"];} • For more information on configuring .NET Framework applications, see http://msdn.microsoft.com/library/en- US / CPGUIDE / HTML / CPCONCONFIGURINGNETFRAMEWORKAPPLICATIONS.ASP.

Using the UDL file OLE DB .NET Data Supply Use the Unified Data Link (UDL) file name in its link string. The link string can be transmitted to the OLEDBConnection object in the form of building parameters, or set up a link string using the Connectionstring property of the object. Note SQL Server .NET Data Supply does not support using UDL files in its link string. Therefore, this method is only valid using the OLE DB .NET data supplier. For OLE DB supplies, use the link string to reference the UDL file, use "file name = name.ud,". Advantages • Standard method. You may have been managed by the UDL file. Disadvantages • Performance. Each time you open the link, the link string containing UDLS is read and parsed. • safety. The UDL file is stored in a plain text. With NFTS file permissions, you can ensure the security of these files, but this will lead to the same problem as the .config file. • The SQLClient object does not support UDL files. This method is not supported by the SQL Server .NET data vendor, and you want to use this supplier to access SQL Server 7.0 and its later versions. MORE INFORMATION • Must ensure that administrators have read / write access to this file for management, and ensure that the identity of the application has read permissions. For the ASP.NET web application, the application worker process is run by default, but it can be overwritten by using the element in the Machine.config in the machine range. Using the element in the web.config file, you can pretend to be pretended to use an optional specified account. • For web applications, make sure that the UDL file is not placed in the false directory, because the file can be downloaded from the web. • For more information on these and other ASP.NET features related to security, see http://msdn.microsoft.com/library/en-us/dnbda/html/authaaspdotnet.asp .. Using the Windows Registry You can store the link string in a Windows registry using a custom keyword, but not for use due to deployment issues. Advantages • Safety. With Access Control List (ACLs), access to the selected registry keyword can be managed. For higher levels of security, consider encrypting data. • It is easy to access by the program. The .NET class supports reading a string from the registry. Disadvantages • Deployment. The relevant registry settings must be deployed with applications to some extent the advantages of XCOPY deployment. You can use a custom file to store a chain string using a custom file, but this technology is not an advantage, so it is not recommended. Advantages • No Disadvantages • Additional coding. This approach requires additional coding and forcing you to clearly handle the simultaneous problems. • Deploy. This file must be copied with other ASP.NET application files. Avoiding this file in a directory or subdirectory of the ASP.NET application, you can prevent it from downloading through the network.

Use build parameters and COM directories to store the link string in the COM directory and use the object's constructor to automatically pass it to the object. COM When the object is initialized, the construct method of the object will be called immediately after the configuration construct string. Note that this method is only for service components. This method is considered only if the management component uses other services, such as distributed transaction support or object poolization. Advantages • Management. With component service MMC plugins, administrators can easily configure link strings. Disadvantages • Security. The COM directory is considered an insecure store (although you can limit the access to it by using the COM role), and thus cannot be used to maintain the link string in a clear text. • Deploy. The entry in the COM directory must be deployed with the .NET application. If other business services such as distributed transactions or objects are used, store the database link string in the directory will not increase the additional overhead of deployment, because other services must be supported, the COM directory must be deployed. • You must provide services for components. Constructed strings can be used only for the components of the service. To enable constructing strings, you cannot derive the required component classes from the ServicesDComponent class (this will serve the component). MORE INFORMATION • About How to Configure the .NET class for more information on how to construct a .NET class, see how to enable object constructs for .NET class. • For more information on the development of service components, see http://msdn.microsoft.com/library/en-us/cpguide/html/cpConwritingServicedComponents.asp. Link usage mode No matter what .NET data supplier, you must always: • Open the database link as much as possible. • Use this link with as short as possible. • Close this link as quickly as possible. Link until it is closed through the Close or Dispose method, it returns to the pool. Even if it is found to be in a crash state, it should also be closed. This ensures that it can return to the pool and is marked as invalid. The object pool periodically scans the pool to find objects that have been marked as invalid. To ensure that the method returns the front link has been closed, consider the method of demonstrating in the following two codes. The first example uses the finally block, and the second example uses a C # using declaration, which ensures that the object's Dispose method is called. The following code ensures that the Finally block is closed. Note that this method is only used in Visual Basic .NET and C # because Visual Basic .NET supports structured exception processing. Public void dosomework () {sqlconnection conn = new sqlConnection; sqlcommand cmd = new sqlcommand ("commandproc", conn); cmd.commandtype = commandtype.storedProcedure;