[
https://issues.apache.org/jira/browse/STONEHENGE-15?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12775120#action_12775120
]
Nicholas A Hauenstein commented on STONEHENGE-15:
-------------------------------------------------
Well the whole connection string isn't being stored in the AppSettings section,
just the values that would make up the connection string. It looks like the
actual connetion string is either being built programmatically within
Settings.cs in the ConfigServiceConfigurationSettings project, and/or within
the SQLHelper.cs file of the Utility project (which actually includes the user
id and password inline in the code).
> Protect connection strings in Business Services and Order Processor solutions
> -----------------------------------------------------------------------------
>
> Key: STONEHENGE-15
> URL: https://issues.apache.org/jira/browse/STONEHENGE-15
> Project: Stonehenge
> Issue Type: Improvement
> Components: DOTNET_BS, DOTNET_OPS
> Environment: .NET trunk
> Reporter: Scott Golightly
> Assignee: Scott Golightly
> Priority: Minor
> Fix For: M2
>
> Original Estimate: 2h
> Remaining Estimate: 2h
>
> The database connection strings are listed in plain text in the configuration
> files. .NET provides the means to encrypt the connection strings and
> automatically decrypt the values before using it. Encrypting the connection
> string is a best practice to protect the database login information.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
