Hello All

Where should I store my connection string and environment variables in my web application?

For example, I have a menu with 5 pages in it. Every page is going to call an Oracle database and a UNIX shell script. Right now I am opening one connection per page, but it does not seem like a good idea to open a connection every time.

I want something like this: once the user logs in to the web interface, all database connections and the UNIX connection must stay open until logout. And what should I do to give a 45-minute session timeout for the idle state of the web interface?

Answering your first question, the connection string should be in a config file. You must encrypt it to have more security.

http://ondotnet.com/pub/a/dotnet/2005/02/15/encryptingconnstring.html

http://www.developer.com/net/vb/article.php/3500906/Encrypt-Connection-Strings-in-VS-2005-config-Files.htm
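
A C# version of the approach this answer recommends, as an added example that is not part of the original answer or the linked articles: it encrypts the connectionStrings section of web.config with the protected-configuration API in System.Configuration. The class name, method names and the connection-string name `OracleDb` are hypothetical.

```csharp
using System.Configuration;
using System.Web.Configuration;

// Added example: hypothetical helper, not code from the thread.
public static class ConnectionStringProtector
{
    // Built-in .NET Framework provider; "DataProtectionConfigurationProvider"
    // (DPAPI) is the other one that ships by default.
    private const string Provider = "RsaProtectedConfigurationProvider";

    // Encrypts <connectionStrings> in the web.config at virtualPath ("~" for
    // the application root). Returns false if it was already encrypted.
    public static bool Protect(string virtualPath)
    {
        Configuration config = WebConfigurationManager.OpenWebConfiguration(virtualPath);
        ConfigurationSection section = config.GetSection("connectionStrings");
        if (section == null)
            throw new ConfigurationErrorsException("No connectionStrings section found.");

        SectionInformation info = section.SectionInformation;
        if (info.IsProtected)
            return false;               // nothing to do, avoid rewriting the file
        if (info.IsLocked)
            throw new ConfigurationErrorsException("Section is locked by a parent config.");

        info.ProtectSection(Provider);  // replaces the plaintext with EncryptedData
        info.ForceSave = true;          // write the section even if values are unchanged
        config.Save(ConfigurationSaveMode.Modified);
        return true;
    }

    // Reading is unchanged: the runtime decrypts the section transparently.
    // "OracleDb" below is an assumed connection-string name.
    public static string Get(string name)
    {
        ConnectionStringSettings settings = WebConfigurationManager.ConnectionStrings[name];
        if (settings == null)
            throw new ConfigurationErrorsException("Connection string '" + name + "' not found.");
        return settings.ConnectionString;
    }
}

// Usage, e.g. once from a deployment step or Application_Start:
//   ConnectionStringProtector.Protect("~");
//   string cs = ConnectionStringProtector.Get("OracleDb");
```

The account running the application must be able to write web.config for `Protect` to succeed and must have read access to the RSA key container to decrypt the section afterwards.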
 
 
Comments
Sergey Alexandrovich Kryukov 5-Mar-11 18:36pm    
Encryption is a good point (not always needed, I would say), my 5. I also added my advice on the environment variables. What do you think?
--SA
MissDev 5-Mar-11 20:02pm    
Hey, these links are so useful, but the only thing is my database server is ORACLE and UNIX, and I am using C# as a code-behind file. These two links have explanations regarding VB.Net, but they seem very helpful.

Do you have other resources to add to my knowledge?
The answer by luisnike19 provides good information about encryption. I don't think you need encryption in all cases though.

As to the environment variables, here is what I think:

  1. You can work without environment variables; store all you need in your configuration which can be as custom as you want.
  2. You should avoid using environment variables by all means.


—SA
 
 
Comments
MissDev 5-Mar-11 19:56pm    
But in my case, the PM needs me to encrypt the config file so nobody can actually see the password and user names and all that. I have never done this before, so I do not know how to do it, and also I have never added environment variables.

What exactly does it cause if I use an environment variable?
Sergey Alexandrovich Kryukov 6-Mar-11 1:47am    
I'm telling you, don't use environment variables. Isn't that obvious? They will work, but this is so dirty. Well, imagine a user who installed your software; it adds to the environment variables. When the user removes your software, do you want to take responsibility for removing the environment variables? It's hard to guarantee. But if not, the user adds garbage to the registry. Another product, another one. If every product adds its dirt, it's trouble.

At the same time, there is a legitimate file path where all user information should be kept, officially documented. (System.Environment.GetFolder) Well, for example...

You don't show any reason why you should. You should use configuration. You can create your own configuration file.

--SA
MissDev 7-Mar-11 10:25am    
To SA

So you are telling me not to use environment variables. I got your point about why you are saying so. But now the main concern is: how can I then hide the user name and password in the configuration file?
Sergey Alexandrovich Kryukov 7-Mar-11 15:06pm    
This is yet another reason to use a file instead, because you can apply encryption.
Didn't the references by luisnike19 help you?

As to the stored passwords, this is a different story. I don't know what your authentication schema is. Are you talking about a password for authentication in your service (or perhaps something else)? The key here is that you never need to store an unencrypted password. You can compare the password in encrypted form received during authentication directly with the encrypted stored password. If you're using asymmetric encryption, this is practically unbreakable: even if someone breaks into your system and gets the encrypted password, the intruder won't be able to crack it to get the password.

--SA

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


