欢迎访问 生活随笔!
TAG聚合

生活随笔

当前位置: 首页 > 编程资源 > 编程问答 >内容正文

编程问答

Persist Security Info 参数的作用

发布时间:2024/9/5 编程问答 63 豆豆
生活随笔 收集整理的这篇文章主要介绍了 Persist Security Info 参数的作用 小编觉得挺不错的,现在分享给大家,帮大家做个参考.

Persist Security Info 参数的作用

Persist Security Info属性的意思是表示是否保存安全信息,其实可以简单的理解为"ADO在数据库连接成功后是否保存密码信息",

True表示保存,False表示不保存

ADO缺省为True (ADO.net缺省为False,未测试,根据参考资料上说的)

具体可以通过ADO的Connect对象的ConnectString属性进行验证,如下所示(以下在Delphi7中测试通过):

----------------------------------------------------------------------------------------------------------

数据库连接前

ConnectString="Provider=MSDAORA.1;Password=mypassword;User ID=yzs;Data Source=ydgl22;Persist Security Info=false"

数据库连接成功后

ConnectString="Provider=MSDAORA.1;User ID=yzs;Data Source=ydgl22"

----------------------------------------------------------------------------------------------------------

数据库连接前

ConnectString="Provider=MSDAORA.1;Password=mypassword;User ID=yzs;Data Source=ydgl22;Persist Security Info=true"

数据库连接成功后

ConnectString="Provider=MSDAORA.1;Password=mypassword;User ID=dlyx;Data Source=ydgl22"

----------------------------------------------------------------------------------------------------------

总体来说,如果数据库连接成功后不再需要连接的密码,出于安全性考虑,还是建议将Persist Security Info设为false,以防止后门程序取得数据库连接的密码(windows2003在sp1前就发生过这个问题)。

 

以下是摘自微软的ADO.net资料

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/html/cpconsecureadonetconnections.asp

Keep Persist Security Info as False

Setting Persist Security Info to true or yes will allow security-sensitive information, including the userid and password, to be obtained from the connection after the connection has been opened. If you are supplying a userid and password when making a connection, you are most protected if that information is used to open the connection, and then discarded. As a result, your option that helps to provide greater security is to set Persist Security Info to false or no.

This is especially important if you are supplying an open connection to an untrusted source or persisting connection information to disk. Keeping Persist Security Info as false helps ensure that the untrusted source does not have access to the security-sensitive information for your connection and also helps ensure that no security-sensitive information is persisted to disk with your connection string information.

Persist Security Info is false by default.

转载于:https://www.cnblogs.com/zhoujianwen/archive/2013/05/22/3092354.html

总结

以上是生活随笔为你收集整理的Persist Security Info 参数的作用的全部内容,希望文章能够帮你解决所遇到的问题。

如果觉得生活随笔网站内容还不错,欢迎将生活随笔推荐给好友。