Securing Database Access

EMarketOffer's database access parameter handling provides your system administrator with several options for configuring the program to conform with in-house IT security policies.

Embedded Access Details

The simplest option is to embed a valid username and password directly into the Connection String. The following example shows a Connection String constructed to allow John Doe access to the 'MarketDB' database hosted on a Microsoft SQL server:

Provider=SQLOLEDB;Data Source=MarketServer1;Initial Catalog=MarketDB;User ID=JohnDoe;Password=JDPassword

John Doe must be established as a valid user of the MarketDB database and have read access to any table referenced by any EMarketOffer queries using the Connection String. The Connection String is stored as an .xml file in the Connection data folder. This file is plain text and the database access details can easily be extracted, posing a potential security risk where EMarketOffer workstations are located in unsecured areas.

Prompted Access Details

To reduce the security risk, access details can be prompted on program launch and embedded into the Connection String. This is achieved by replacing the plain text access details with embedded variable references, as in the following example:

Provider=SQLOLEDB;Data Source=MarketServer1;Initial Catalog=MarketDB;User ID=$UserName$;Password=$Password$

On launching and finding the variable references EMarketOffer opens the following Access Parameters Dialogue (this can also be invoked using the Test Button in the Data Connection Window):