Reputation: 1628
Is it safe if I decide the DbConnection class by trial and error?
Suppose that I have a connection string (in fact it will be a user entry). Using this string I want to create an appropriate DbConnection class. It would be either an SqlConnection, or OleDbConnection or OracleConnection (maybe another one in the future).
Would it be safe if I follow the following procedure?
For each possible connection class, I will create it and then open and close the connection.
- If it throws an exception i will try next class
- If it does not throw an exception, then it is ok.
Upvotes: 0
Views: 47
Answers (2)
Reputation: 10800
This strikes me as a bad idea, especially since you don't specify why you expect one of these to fail and what the reason is to use the next connection. What if it's a valid SQL connection string, but the db is simply unreachable? It wouldn't make any sense at all to try to connect to an Oracle db at that point.
A better way would be to let them select the provider type, then give the user a form with only the connection string properties they are allowed to change (with proper validation).
Upvotes: 2
Reputation: 118
It would be not safe because you give an attacker the possibility to bruteforce all your database connections at once.
Upvotes: 0
Related Questions
- C# Retrieving correct DbConnection object by connection string
- Is connecting to a database using SqlConnection() AND a Connection string safe?
- correct connection string syntax
- New to c#/ Connection string
- Connection string to Database Application
- SQL connection string in C#
- Best way to set up the connection setting
- Why do we need connection strings?
- Connection strings and attached database
- what is the correct use of connection to database