Ideas

Encryption of SQL password in configuration file

For SQL Authentication we need to have the password encrypted in the framework.ini configuration file. SQL Authentication is required to remove the potential for staff to directly access the database using Microsoft SQL Get Data - SQL Data base command. Unfortunately the security of this approach is compromised by having the password in plain text in this file so a user with rudimentary knowledge can still bypass the inbuilt Framework security using this password.

  • Guest
  • Mar 20 2023
  • Attach files
  • Admin
    Chris Grigsby commented
    March 21, 2023 20:51

    Thanks for your idea. We'll get in touch to discuss this as the use of SQL Authentication with Framework is not recommended.