[Mono-list] Why doesn't SSPI in Mono ADO.net NOT support pass through creds?
Rod
rodney.foley at lumension.com
Tue Apr 26 11:24:46 EDT 2011
Right now when I set the connectionString to be Integrated Security=SSPI in
.Net if I don't provide a uid and password it will default to the user
running the process. In Mono thought if you don't provide the uid and
password it will not connection. SSPI which Microsoft defines as uid and
password being optional in Mono they are required.
This would appear to be a bug, but I thought I would ask as this may be by
design for some reason as it may not be practical on all platforms. However
I would say allow it on ones that it can be supported on then leave it to
them being required on those that don't.
I find having to put uid and passwords in a connection string a security
risk and that we have always like to have the "service" that runs the
process be used as pass through. It seems that even if we use the
connection string builder and store the uid and password encrypted that in
memory the uid and password will be accessible to a determined hacker.
--
View this message in context: http://mono.1490590.n4.nabble.com/Why-doesn-t-SSPI-in-Mono-ADO-net-NOT-support-pass-through-creds-tp3475743p3475743.html
Sent from the Mono - General mailing list archive at Nabble.com.
More information about the Mono-list
mailing list