All ideas are welcome. Just because the Idea doesn't make it into the product immediately does not make it a bad idea.
When we first put encyrption into the ASP Version of CranSoft (back at Cargill), Dan modified DataGarage so you could specify a Substitution Variable for the UserName and Password in the Connection string. This allowed us to keep the Connection string in clear text which makes is MUCH easier to debug and copy and change passwords.
Currently in CranSoft you have to enter the UserName and Password inline in the Connection String which exposes the Password. You also have to enter the Username and Password in those fields, creating redundant data.
Could we please work with Dan to re-enable the Substituion Variables? This would allow a connection string like below. Now I can leave my connection string un-encrypted and only manage my Password, which is hidden whether I choose to encrypt or not.
DSN=ATI;HOST=erp2.as.ae.ge.com;DB=atsdbxx;UID=#USERNAME#;PWD=#PASSWORD#; PORT=5140;
Guest
This is really important because the requirement to be able to view the connection string forces this field to be not encrypted which creates a security hole where if anyone has access to dspcommon or cransoft db, they can go and get the logins for all the sources.
Another consideration is that sometimes the client wants to personally type in the password so that it is entered in dsp but not disclosed to you. This cannot happen under the current way it works and rightly creates doubt about the security capability of DSP.
This is such an easy fix it should be done ASAP pleeeaaassseee!!
Attachments Open full size
From the BOAU article, the Jira ticket created for this: http://jira.cransoft.com:8080/browse/UR-3097
Attachments Open full size