What is the difference between Integrated Security = True and Integrated Security = SSPI?
I have two apps that use Integrated Security. One assigns Integrated Security = true in the connection string, and the other sets Integrated Security = S
-
In my point of view,
If you dont use Integrated security=SSPI,then you need to hardcode the username and password in the connection string which means "relatively insecure" why because, all the employees have the access even ex-employee could use the information maliciously.
讨论(0) -
Using Windows Authentication
To connect to the database server is recommended to use Windows Authentication, commonly known as integrated security. To specify the Windows authentication, you can use any of the following two key-value pairs with the data provider. NET Framework for SQL Server:
Integrated Security = true; Integrated Security = SSPI;However, only the second works with the data provider .NET Framework OleDb. If you set
Integrated Security = truefor ConnectionString an exception is thrown.To specify the Windows authentication in the data provider. NET Framework for ODBC, you should use the following key-value pair.
Trusted_Connection = yes;Source: MSDN: Working with Connection Strings
讨论(0) -
Many questions get answers if we use
.Net Reflectorto see the actual code ofSqlConnection:)trueandsspiare the same:internal class DbConnectionOptions ... internal bool ConvertValueToIntegratedSecurityInternal(string stringValue) { if ((CompareInsensitiveInvariant(stringValue, "sspi") || CompareInsensitiveInvariant(stringValue, "true")) || CompareInsensitiveInvariant(stringValue, "yes")) { return true; } } ...EDIT 20.02.2018 Now in .Net Core we can see its open source on github! Search for ConvertValueToIntegratedSecurityInternal method:
https://github.com/dotnet/corefx/blob/fdbb160aeb0fad168b3603dbdd971d568151a0c8/src/System.Data.SqlClient/src/System/Data/Common/DbConnectionOptions.cs
讨论(0)
加载中...
- 热议问题