49

For the properties:

Persist Security Info=true

and

Persist Security Info=false

Can you tell me what is the difference between them, and if I don't put it in my connection what will happen?

connect.ConnectionString = "Provider=Microsoft.ACE.OLEDB.12.0;
                            Data Source=C:/Users/Nourah/Downloads 
                            /Phase3/Salary.accdb; 
                            Persist Security Info=False;";
Jason Aller
  • 3,391
  • 28
  • 37
  • 36
Nourah
  • 521
  • 1
  • 4
  • 4
  • possible duplicate of [Differance Between Persist Security Info And Integrated Security](http://stackoverflow.com/questions/2009976/differance-between-persist-security-info-and-integrated-security) – lloyd May 24 '15 at 03:04
  • 1
    but i don't understand carefully when i applied on code , same result – Nourah May 24 '15 at 03:56
  • Not sure there is any point in using Persist Security Info with ms-access – Steve Feb 09 '20 at 19:02

2 Answers2

62

Even if you set Persist Security Info=true OR Persist Security Info=false it won't show a difference up front. The difference is happening in the background.

When Persist Security Info=False, security-sensitive information, such as the password, is not returned as part of the connection if the connection is open or has ever been in an open state.

If you set Persist Security Info=True, Windows will remember the password specified in the connection string.

That's the difference.

MSDN Explanation

Setting Persist Security Info true or false will come into effect only if you mention username and password in the connection string. If you mention username and password in the connection string and set Persist Security Info as false then the credentials cannot be extracted, but if you set Persist Security Info as true while giving credentials in the connection string, windows will remember the credentials, and it can be extracted programmatically.

Scott
  • 3,979
  • 1
  • 17
  • 26
Sachu
  • 7,003
  • 7
  • 44
  • 82
  • so if i want set it to true how i will write the connection code ?? – Nourah May 24 '15 at 06:25
  • @Nourah setting it true or false will come into efffect only if you mention username and password in connection string..If you mention username and password in connectionstring and set this as false then the credentials cannot be extracted..but if you set to true while giving credentials in the connectionstring windows will remember the credentials and it can extracted in pgm...see edited answer – Sachu May 24 '15 at 06:38
  • 8
    "then the credentials cannot be extracted.." By what, the source code? What are pro's and con's and a simple scenario of when someone would need to set this to true? – eaglei22 Jan 22 '18 at 16:45
  • What does pgm mean? – sotn Oct 18 '18 at 07:00
  • @sotn sorry i meant it as program – Sachu Feb 06 '19 at 07:32
  • 2
    @eaglei22, A user of .net entity framework's DbContext might want to extract the connection string in order to create additional connections for use in lower level operations such as SqlBulkCopy. – Chris Sep 03 '19 at 19:11
  • @Chris Exactly this. You want to get the connection string from the EF DbContext to use for some non-EF DB operation like SqlBulkCopy or you want to get data from a raw SQL query without creating a POCO to read it into (as far as I know EF Core doesn't allow executing raw SQL into an `object`). I wonder though if using Persist Security Info = True poses a security risk and if making the connection string available via the options pattern would be safer. I don't see how it would but I'm not 100% sure. – jspinella Feb 12 '21 at 19:32
16

I found this answer here from Dan Guzman, SQL Server MVP:

I suggest you specify FALSE or omit the keyword entirely since it is the default, even during development. The only time you need to specify TRUE is if the application uses SQL authentication and subsequently retrieves the password from the connection object, which in my experience is rarely done or needed. Performance is not a concern.

Greg Gum
  • 25,941
  • 27
  • 127
  • 194