.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Win Surprise Gifts!!!

Top 5 Contributors of the Month
david stephan
Gaurav Pal

Home >> Articles >> General >> Post New Resource Bookmark and Share   

 Subscribe to Articles

Using the Windows Registry , Custom File and Construction Arguments and the COM+ Catalog

Posted By:Shashi Ray       Posted Date: November 25, 2009    Points: 25    Category: General    URL: http://www.dotnetspark.com  


Using the Windows Registry

You can also use a custom key in the Windows registry to store the connection string, although this is not recommended due to deployment issues.


  • Security. You can manage access to selected registry keys by using access control lists (ACLs). For even higher levels of security, consider encrypting the data.
  • Ease of programmatic access. .NET classes are available to support reading strings from the registry.


  • Deployment. The relevant registry setting must be deployed along with your application, somewhat defeating the advantage of xcopy deployment.

Using a Custom File

You can use a custom file to store the connection string. However, this technique offers no advantages and is not recommended.


  • None.


  • Extra coding. This approach requires extra coding and forces you to deal explicitly with concurrency issues.
  • Deployment. The file must be copied along with the other ASP.NET application files. Avoid placing the file in the ASP.NET application directory or subdirectory to prevent it from being downloaded over the Web.

Using Construction Arguments and the COM+ Catalog

You can store the database connection string in the COM+ catalog and have it automatically passed to your object by means of an object construction string. COM+ will call the object's Construct method immediately after instantiating the object, supplying the configured construction string.

Note   This approach works only for serviced components. Consider it only if your managed components use other services, such as distributed transaction support or object pooling.


  • Administration. An administrator can easily configure the connection string by using the Component Services MMC snap-in.


  • Security. The COM+ catalog is considered a non-secure storage area (although you can restrict access with COM+ roles) and therefore must not be used to maintain connection strings in clear text.
  • Deployment. Entries in the COM+ catalog must be deployed along with your .NET-based application. If you are using other enterprise services, such as distributed transactions or object pooling, storing the database connection string in the catalog presents no additional deployment overhead, because the COM+ catalog must be deployed to support those other services.
  • Components must be serviced. You can use construction strings only for serviced components. You should not derive your component's class from ServicedComponent (making your component serviced) simply to enable construction strings.

Important   It is critical to secure connection strings. With SQL authentication, the connection contains a user name and password. If an attacker exploits source code vulnerability on the Web server or gains access to the configuration store, the database will be vulnerable. To prevent this, connection strings should be encrypted.





Shashi Ray

 Subscribe to Articles


Further Readings:


No response found. Be the first to respond this post

Post Comment

You must Sign In To post reply
Find More Articles on C#, ASP.Net, Vb.Net, SQL Server and more Here

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend