2

I have been reading up on Linq to SQL security and am unsure of something.

In Visual Studio, when I drag and drop a table from Server Explorer under Data Connections, I receive the following messsage:

"The connection string contains credentials with a clear text password and is not using integrated security. Do you want to save the connection string to the current DBML file and application configuration files with this sensitive information? Click No to save the connection string without the sensitive information."

What I gather is if I click yes, the password is included in the connection string saved to the DBML file and application configuration files. But what I am unsure about is, is this warning for local access that anybody who has access say to the project could see the password in the configuration files, or does it actually mean that when you connect to the database, the password is being sent to the database in clear text.

If the password is being sent across to the database in clear text, how do you secure your LINQ to SQL connection?

Thanks,

Neill

Improve this question

1 Answer 1

Reset to default
1

Visual Studio raises that alert because you are saving the details in plain text configuration, rather than sending the password to the db in clear text.

There are various approaches to securing your webconfig file using Protected Configuration.

For example this SO question, this MSDN article or this Scott Gu blog all detail these approaches.

I find the aspnet_regiis command to be the easiest approach for securing the connection strings in my webconfig files.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.