Persist Security Info 參數的作用

Persist Security Info屬性的意思是表示是否保存安全信息，其實可以簡單的理解為"ADO在數據庫連接成功后是否保存密碼信息"，

True表示保存，False表示不保存

ADO缺省為True (ADO.net缺省為False，未測試，根據參考資料上說的)

具體可以通過ADO的Connect對象的ConnectString屬性進行驗證，如下所示(以下在Delphi7中測試通過)：

----------------------------------------------------------------------------------------------------------

數據庫連接前

ConnectString="Provider=MSDAORA.1;Password=mypassword;User ID=yzs;Data Source=ydgl22;Persist Security Info=false"

數據庫連接成功后

ConnectString="Provider=MSDAORA.1;User ID=yzs;Data Source=ydgl22"

----------------------------------------------------------------------------------------------------------

數據庫連接前

ConnectString="Provider=MSDAORA.1;Password=mypassword;User ID=yzs;Data Source=ydgl22;Persist Security Info=true"

數據庫連接成功后

ConnectString="Provider=MSDAORA.1;Password=mypassword;User ID=dlyx;Data Source=ydgl22"

----------------------------------------------------------------------------------------------------------

總體來說，如果數據庫連接成功后不再需要連接的密碼，出于安全性考慮，還是建議將Persist Security Info設為false，以防止后門程序取得數據庫連接的密碼（windows2003在sp1前就發生過這個問題）。

?

以下是摘自微軟的ADO.net資料

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/html/cpconsecureadonetconnections.asp

Keep Persist Security Info as False

Setting Persist Security Info to true or yes will allow security-sensitive information, including the userid and password, to be obtained from the connection after the connection has been opened. If you are supplying a userid and password when making a connection, you are most protected if that information is used to open the connection, and then discarded. As a result, your option that helps to provide greater security is to set Persist Security Info to false or no.

This is especially important if you are supplying an open connection to an untrusted source or persisting connection information to disk. Keeping Persist Security Info as false helps ensure that the untrusted source does not have access to the security-sensitive information for your connection and also helps ensure that no security-sensitive information is persisted to disk with your connection string information.

Persist Security Info is false by default.

轉載于:https://www.cnblogs.com/zhoujianwen/archive/2013/05/22/3092354.html

總結

以上是生活随笔為你收集整理的Persist Security Info 参数的作用的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。