<div>
<div class="content wysiwyg-content">
We have a number of .Net applications running which contain a SQL connection string within their web.config. to another server running SQL 2008 std.<br />
<br />
The connection string specifys SQL credentials to a specific database - the password and username is directly in the connection string.<br />
<br />
Note: Our production servers are not part of any domain and are stand alone.<br />
<br />
Were looking more into security - is there any way we can easily change the password to these accounts on a regular basis while not having to update the web.config files directly. &nbsp; &nbsp;..or is my only option via a Windows account ?<br />
<br />
<br />
Ideally we dont want the passwords directly in the web.config - it would be nice to change the passwords once a month automatically and not cause any errors for the connecting .Net applications, and not having to update any web.configs manually.<br />
<br />
Currently these SQL accounts are excluded from any password expiry policy and we need to change that so they are changed on a regular basis.<br />
<br />
Any help would be greatly appreciated.
</div>
</div>


We have a number of .Net applications running which contain a SQL connection string within their web.config. to another server running SQL 2008 std.

The connection string specifys SQL credentials to a specific database - the password and username is directly in the connection string.

Note: Our production servers are not part of any domain and are stand alone.

Were looking more into security - is there any way we can easily change the password to these accounts on a regular basis while not having to update the web.config files directly.    ..or is my only option via a Windows account ?


Ideally we dont want the passwords directly in the web.config - it would be nice to change the passwords once a month automatically and not cause any errors for the connecting .Net applications, and not having to update any web.configs manually.

Currently these SQL accounts are excluded from any password expiry policy and we need to change that so they are changed on a regular basis.

Any help would be greatly appreciated.

.NET application SQL connection account password best practices

Microsoft SQL Server 2008 is a suite of relational database management system (RDBMS) products providing multi-user database access functionality.Component services include integration (SSIS), reporting (SSRS), analysis (SSAS), data quality, master data, T-SQL and performance tuning. Major improvements include the  Always On technologies and support for unstructured data types.

Microsoft SQL Server 2008

Security is the protection of information systems from theft or damage to the hardware, the software, and the information on them, as well as from disruption or misdirection of the services they provide. The main goal of security is protecting assets, and an asset is anything of value and worthy of protection.  Information Security is a discipline of protecting information assets from threats through safeguards to achieve the objectives of confidentiality, integrity, and availability or CIA for short. On the other hand, disclosure, alteration, and disruption (DAD) compromise the security objectives.

Security

Web applications are systems that run in browsers that perform functions normally associated with other client-based programs. One of the most commonly used web applications is email; instead of downloading individual emails to a local machine, the data is shown through a website. Other examples of web applications are collaborative systems like a wiki or an online game.