The title should say it all really - I was wondering if it's better to store connection variables as constants (because they can't be changed) or as private properties (because they can't be viewed). My apologies to all those who reel in horror at my lack of security nous...
views:
245answers:
2
A:
My thoughts are that it really doesn't matter (from a security point of view). If someone has your code, then you are equally screwed either way. If someone doesn't have your code, then it doesn't matter because they can't execute it without the code for it to be an issue (if you have remote code execution vulnerabilities, you have larger issues than your connection strings).
From a design point of view, I'd probably use a private constant.
Matthew Scharley
2009-10-21 11:12:49
thanks for that
sunwukung
2009-10-21 11:49:01
A:
I think it doesn't matter; your code should be protected both from code injection and viewing. If someone will have access to somehow inject code into your system accessing connection strings seems like a smaller problem then that.
Gergely Orosz
2009-10-21 11:15:55