Visual studio feeds

All Visual Studio blogs in one place

Safer passwords with SqlCredential

Introduction

Many users of SqlClient with SQL Server Authentication have expressed interest in setting credentials outside of the connection string, to mitigate the memory dump vulnerability of keeping the User Name and Password in the connection string. Starting with .NET Framework 4.5, we have introduced the ability to set the credentials outside of the connection string via the new SqlCredential Credential property of SqlConnection. The developer can now create a SqlCredential object with a UserId and a SecureString Password to hold the credential values of a connection when connecting to a server. This helps mitigate the threat of credentials being leaked out to the page file in a page swap or being evident in a crash dump.

Use Case Example

    using System.Data.SqlClient;
    using System.Security;

    // WPF controls that collect the login
    System.Windows.Controls.TextBox txtUserId = new System.Windows.Controls.TextBox();
    System.Windows.Controls.PasswordBox txtPwd = new System.Windows.Controls.PasswordBox();

    // The connection string carries no User ID or Password
    using (SqlConnection conn = new SqlConnection("Server=myServer;Initial Catalog=myDB;"))
    {
        SecureString pwd = txtPwd.SecurePassword;
        pwd.MakeReadOnly();   // SqlCredential requires a read-only SecureString
        SqlCredential cred = new SqlCredential(txtUserId.Text, pwd);
        conn.Credential = cred;
        conn.Open();
    }

Alternatively, we can use the new SqlConnection constructor overload, which takes both a connection string and a credential object:

    SecureString pwd = txtPwd.SecurePassword;
    pwd.MakeReadOnly();
    SqlCredential cred = new SqlCredential(txtUserId.Text, pwd);
    using (SqlConnection conn = new SqlConnection("Server=myServer;Initial Catalog=myDB;", cred))
    {
        conn.Open();
    }
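
An added example, not code from the original post: a console variant of the use case above, for applications that have no PasswordBox. It collects the password key by key into a SecureString and checks that the connection string carries no credentials before attaching the SqlCredential; the class and helper names are hypothetical, and myServer/myDB are the article's placeholders.

```csharp
using System;
using System.Data.SqlClient;
using System.Security;

static class SqlCredentialConsoleExample   // hypothetical name, for illustration
{
    // Reads the password key by key so it never exists as a managed string.
    static SecureString ReadPassword()
    {
        var pwd = new SecureString();
        ConsoleKeyInfo key;
        while ((key = Console.ReadKey(intercept: true)).Key != ConsoleKey.Enter)
        {
            if (key.Key == ConsoleKey.Backspace)
            {
                if (pwd.Length > 0) pwd.RemoveAt(pwd.Length - 1);
            }
            else if (!char.IsControl(key.KeyChar))
            {
                pwd.AppendChar(key.KeyChar);
            }
        }
        Console.WriteLine();
        pwd.MakeReadOnly();   // SqlCredential requires a read-only SecureString
        return pwd;
    }

    // SqlClient rejects a SqlCredential when the connection string also
    // carries User ID, Password or Integrated Security=true; fail early.
    static void EnsureNoInlineCredentials(string connectionString)
    {
        var b = new SqlConnectionStringBuilder(connectionString);
        if (b.IntegratedSecurity || b.UserID.Length > 0 || b.Password.Length > 0)
            throw new ArgumentException("Connection string must not contain credentials.");
    }

    static void Main()
    {
        const string connStr = "Server=myServer;Initial Catalog=myDB;"; // placeholder
        EnsureNoInlineCredentials(connStr);
        Console.Write("User: ");
        string user = Console.ReadLine();
        Console.Write("Password: ");
        using (SecureString pwd = ReadPassword())
        using (var conn = new SqlConnection(connStr, new SqlCredential(user, pwd)))
        {
            conn.Open();
            Console.WriteLine("Connected to " + conn.DataSource);
        }
    }
}
```
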
SqlCredential Class

More information about the new SqlCredential class can be found at:
