Results 1 to 6 of 6
  1. #1
    Join Date
    Nov 2009
    Posts
    5

    Saving database information

    Hi Guys,

    I am new to programming, so kindly bear me

    I am working on a project where parameters needed for database connection will be provided only once to the application. The question is

    how and where to save such information to use the parameters for later use ?

    which format will be secure ?

    Thankx

  2. #2
    Join Date
    May 2009
    Location
    India
    Posts
    66
    As far as i could understand, the connection information is given as a parameter to the application. If it doesn't change at all, then better to store it in a small table in the database that has read right granted to all users.

    During application run time, read the data, store it into a global variable and release the table for the next user.

    If you tell the exact details of the database and language, you will get more exact responses.

    End

  3. #3
    Join Date
    Mar 2009
    Location
    Sydney, Australia
    Posts
    258
    (Not sure what you mean either.)

    "Only once" ? Passwords and permissions within the server/db change all the time. The password should be provided each time the app is launched.

    For a pure client-side app, store the connection parameters PLUS the database version it runs against (Not product version, but app version) in the app, not the db. That means a small file on the users C: drive. Never store the password, always ask for it. When the app is launched it picks up the parms from the file, asks the user for the password, and connects. Once connected, it checks that the app version matches the db version (else abort).

    Once you have that running, you can support connections to different environments of the db (Prod, UAT, Test): store them all in the same local file; when launched, provide a drop-down and let the user choose which environment they want, then the password.

    This allows:
    • client app v1.0 (distributed to all users) to run against db v1.0 for production
    • client app v1.2 (distributed to UAT testers only, but they then have two apps sitting on their desk top connecting to two dbs, and we do not want mixups, do we) to run against db v1.2 for UATesting
    • client app v1.3 (on the developers desktop, etc) for Dev
    • if the app team provides the v1.3 prototype to a couple of users, accidentally conecting to the wrong db is prevented
    • all db versions to be on the same or different servers (connection string)

    If you have a different sort of app that always connects and uses the db, but the connection parms and "provided only one", such as a licensed monitoring product, the above still applies, but you do not have to worry about versions or environments (there will be only line line in the file). However, the password becomes the problem; if you store it, you have to encrypt the file, which means linking encrypt/decrypt libraries into the app.
    Regards
    Derek Asirvadem (Formerly DerekA)
    Information Architect / Senior Sybase DBA
    Copyright 2009 Software Gems Pty Ltd

    I answer questions from the Original Poster only. If you have a genuine question, as the moderators have requested, start a new thread.

    http://www.softwaregems.com.au

  4. #4
    Join Date
    Dec 2007
    Location
    London, UK
    Posts
    741
    Quote Originally Posted by programmer newbee View Post
    Hi Guys,

    I am new to programming, so kindly bear me

    I am working on a project where parameters needed for database connection will be provided only once to the application. The question is

    how and where to save such information to use the parameters for later use ?

    which format will be secure ?

    Thankx
    Use some form of integrated / single-signon security such as Active Directory. Attempting to "hide" the user's credentials on the client side is no kind of security at all.

  5. #5
    Join Date
    Mar 2009
    Location
    Sydney, Australia
    Posts
    258
    Just to be clear, in my post, I was not suggesting any form of "hiding" the user's credentials.
    Regards
    Derek Asirvadem (Formerly DerekA)
    Information Architect / Senior Sybase DBA
    Copyright 2009 Software Gems Pty Ltd

    I answer questions from the Original Poster only. If you have a genuine question, as the moderators have requested, start a new thread.

    http://www.softwaregems.com.au

  6. #6
    Join Date
    Nov 2009
    Posts
    5
    thanks guys for your help

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •