Securing Database Access

From EMO Wiki
Revision as of 11:19, 17 December 2012 by Sisep (talk | contribs) (Created page with "{{#hidens:}} ''EMarketOffer's database'' access parameter handling provides your system administrator with several options for configuring the program to conform with in-house...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

EMarketOffer's database access parameter handling provides your system administrator with several options for configuring the program to conform with in-house IT security policies.

Embedded Access Details

The simplest option is to embed a valid username and password directly into the Connection String. The following example shows a Connection String constructed to allow John Doe access to the 'MarketDB' database hosted on a Microsoft SQL server:

Provider=SQLOLEDB;Data Source=MarketServer1;Initial Catalog=MarketDB;User ID=JohnDoe;Password=JDPassword

John Doe must be established as a valid user of the MarketDB database and have read access to any table referenced by any EMarketOffer queries using the Connection String. The Connection String is stored as an .xml file in the Connection data folder. This file is plain text and the database access details can easily be extracted, posing a potential security risk where EMarketOffer workstations are located in unsecured areas.

Retrieved from "http://emo.energylink.co.nz/index.php?title=EMO:Securing_Database_Access&oldid=2831"