Hi dev Team,
I have concern on securing password connecting for csdbe in CsEntry ,I can set this using connection string in my pff file but user can read pff and get the password back, Is there a another secure method available to prevent obtaining password.
secureing connection string
-
justinlakier
- Posts: 238
- Joined: November 21st, 2022, 4:41 pm
Re: secureing connection string
Hello,
See the documentation on .csdbe files and Dictionary Security Options. When the password is given as a connection string to the .pff file, it either sets the password for a newly created .csdbe file or attempts to open an existing .csdbe file automatically using that password. Without the password as a connection string, the password is stored by the .csdbe file and the enumerator will have to manually enter the password. This means that in order to access the encrypted file either the user or the .pff needs to enter the password, and the .pff file is not itself encrypted. The way to keep the password the most secure from a hacker is to remove the connection string and require the user to enter the password, however that would require all of the users knowing the password. You can see the Connection String documentation for an example where enumerators set their own passwords for their data.
Hope this helps,
Justin
See the documentation on .csdbe files and Dictionary Security Options. When the password is given as a connection string to the .pff file, it either sets the password for a newly created .csdbe file or attempts to open an existing .csdbe file automatically using that password. Without the password as a connection string, the password is stored by the .csdbe file and the enumerator will have to manually enter the password. This means that in order to access the encrypted file either the user or the .pff needs to enter the password, and the .pff file is not itself encrypted. The way to keep the password the most secure from a hacker is to remove the connection string and require the user to enter the password, however that would require all of the users knowing the password. You can see the Connection String documentation for an example where enumerators set their own passwords for their data.
Hope this helps,
Justin