Ben, I hadn't considered the need to change the connection string before encrypting it. The command to encrypt and decrypt the sections is fairly easy and could be added as a setup step or better yet I can look into making it a post build step. I will investigate that use case before I check in the changes.
Scott Golightly -----Original Message----- From: Ben Dewey [mailto:[email protected]] Sent: Tuesday, April 14, 2009 6:49 PM To: [email protected] Subject: RE: [jira] Assigned: (STONEHENGE-15) Protect connection strings in Business Services and Order Processor solutions Scott, I have been running SQL Express on most of my installs; I have to change the database instance name before running the project. Would I still be able to change the instance names on the connection strings if they're protected? Ben ________________________________________ From: Scott Golightly [[email protected]] Sent: Tuesday, April 14, 2009 7:45 PM To: [email protected] Subject: RE: [jira] Assigned: (STONEHENGE-15) Protect connection strings in Business Services and Order Processor solutions Since the services are running and interacting with the configuration files any changes would be contained completely inside the service and would not affect the ability to interchange front end client, business service, or order processing services. Scott Golightly -----Original Message----- From: Drew Baird (Volt) [mailto:[email protected]] Sent: Monday, April 13, 2009 2:41 PM To: [email protected] Subject: RE: [jira] Assigned: (STONEHENGE-15) Protect connection strings in Business Services and Order Processor solutions Scott, I totally agree that it is the best practice. However for discussion purposes: 1. Will this break php, ruby etc? 2. How does this impact demo-ability? (I am familiar with the APIs but I am worried about unintended consequence (at least for M1)) Thanks1 Drew -----Original Message----- From: Scott Golightly (JIRA) [mailto:[email protected]] Sent: Monday, April 13, 2009 1:24 PM To: [email protected] Subject: [jira] Assigned: (STONEHENGE-15) Protect connection strings in Business Services and Order Processor solutions [ https://issues.apache.org/jira/browse/STONEHENGE-15?page=com.atlassian.jira. plugin.system.issuetabpanels:all-tabpanel ] Scott Golightly reassigned STONEHENGE-15: ----------------------------------------- Assignee: Scott Golightly > Protect connection strings in Business Services and Order Processor solutions > ---------------------------------------------------------------------------- - > > Key: STONEHENGE-15 > URL: https://issues.apache.org/jira/browse/STONEHENGE-15 > Project: Stonehenge > Issue Type: Improvement > Environment: .NET trunk > Reporter: Scott Golightly > Assignee: Scott Golightly > Priority: Minor > Original Estimate: 2h > Remaining Estimate: 2h > > The database connection strings are listed in plain text in the configuration files. .NET provides the means to encrypt the connection strings and automatically decrypt the values before using it. Encrypting the connection string is a best practice to protect the database login information. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
