Please Share your Product Ideas with us!

All ideas are welcome. Just because the Idea doesn't make it into the product immediately does not make it a bad idea.

Substitution Variables in the Connection String UID and PW in DataSources


When we first put encyrption into the ASP Version of CranSoft (back at Cargill), Dan modified DataGarage so you could specify a Substitution Variable for the UserName and Password in the Connection string.   This allowed us to keep the Connection string in clear text which makes is MUCH easier to debug and copy and change passwords.


Currently in CranSoft you have to enter the UserName and Password inline in the Connection String which exposes the Password.  You also have to enter the Username and Password in those fields, creating redundant data.


Could we please work with Dan to re-enable the Substituion Variables?   This would allow a connection string like below.   Now I can leave my connection string un-encrypted and only manage my Password, which is hidden whether I choose to encrypt or not.




  • Guest
  • Feb 1 2017
  • Future consideration
  • Attach files
  • Guest commented
    7 Dec, 2020 02:45am

    This is really important because the requirement to be able to view the connection string forces this field to be not encrypted which creates a security hole where if anyone has access to dspcommon or cransoft db, they can go and get the logins for all the sources.

    Another consideration is that sometimes the client wants to personally type in the password so that it is entered in dsp but not disclosed to you. This cannot happen under the current way it works and rightly creates doubt about the security capability of DSP.

    This is such an easy fix it should be done ASAP pleeeaaassseee!!

  • Jake Cohen commented
    25 Sep, 2018 04:37pm

    From the BOAU article, the Jira ticket created for this:

  • +4