Thread: Different coding for a connection string? Password visable

    Different coding for a connection string? Password visable

    What is the proper way for connection string?

    I have noticed in some tutorials, they use coding for the
    connection string that shows the sa PASSWORD:

    Dim sConnectionString As String = _
    "server=Dozer;uid=sa;pwd= MyPassWord;database=Northwind"
    Dim sSQL As String = "SELECT * FROM Products"

    I can use the following that does not show the password:

    Dim sConnectionString As String = _
    "workstation id=DOZER;packet size=4096;_
    integrated security=SSPI;data source=Dozer;" & _
    "persist security info=False;initial catalog=Northwind"

    If you can use Windows authentication (SSPI), you should. Some applications, such as those running on Windows 9x, require SQL Server authentication. You do not, however, have to include the password in your connection string; you can provide it in your code as a parameter to the connection's .Open method. And you should never use the sa account in a real application; create a SQL account (or several, with varying permissions) specific to your application and grant it only the permissions it needs.
