Keeping ConnectionStrings in a global class

views:

answers:

Keeping ConnectionStrings in a global class

Instead of calling ConfigurationManager.ConnectionStrings("db1").ToString() and ConfigurationManager.ConnectionStrings("db2").ToString() all over the place in my DAL, would it be fine to create a static global class (ConnStrings) with static read-only properties (db1 and db2) and replace the calls with ConnStrings.db1 and ConnStrings.db2?

Since my connection strings are encrypted, would they get decrypted when I set db1/db2 or only when it gets accessed?

+1 A:

That is a good idea. Essentially your calls to ConfigurationManager are duplication of code, that you would want to get rid off.

The connection strings are decrypted when they are retrieved from the configuration file. So ConnStrings.db1 would be an unencrypted string.

driis 2010-10-18 19:57:08

is it good to have the unencrypted connection details around in a static property? wouldn't you rather decrypt at the last possible moment?

eych 2010-10-19 03:10:57

Well you still have the option to have ConnStrings.db1 call into ConfigurationManager.ConnectionStrings, instead of storing in a static field. Then you still have the connectionstrings encrypted until last minute, which is good from a security perspective. But honestly, for most applications it wouldn't matter. If an attacker has the ability to look in your application memory, chances are he can also call ConfigurationManager.

driis 2010-10-19 06:51:29

ansaurus

tags:

views:

answers:

Keeping ConnectionStrings in a global class

related questions