6

Using a TAdoConnection in D5 to connect to a local Sql Server on a Windows 7 64-bit machine using a passworded sa account, I get the error "login failed for user sa", despite the fact that I've built the TAdoConnection ConnectionString to include the password. By the time the BeforeConnect event triggers, the ConnectionString no longer contains the password. I can set the password in the WillConnect event and the connection then works fine.

My question is, what's removing the password from the ConnectionString? Is it maybe some security feature added in W7 - I don't recall getting this problem on XP.

Btw: This problem still happens even if I set Persist Security Info to true in the ConnectionString - the password doesn't even get stored in the DFM.

MartynA
  • 30,454
  • 4
  • 32
  • 73
  • Don't open that connection at design time (or do it, but with `Persist Security Info=True` in connection string) and it should get saved to DFM. – TLama Aug 08 '13 at 12:35
  • I know it should get saved but as I said in my "Btw", it doesn't. – MartynA Aug 08 '13 at 14:35
  • Do not use the ConnectionString "Build..." button, that calls the Windows OLE DB Data Link Properties dialog and it will strip the password out when you close it. I have only had this problem with SQL Server, it must validates the connection string against the actual provider. (SQLNCLI, SQLNCLI10, SQLOLEDB) Build the connection string by hand and paste it into the ConnectionString property then save it. – TDC Aug 08 '13 at 19:32
  • Or even more recommended, don't "paste" the connection string at all - it should be dynamically built in runtime, not hard coded. Suppose a year from now the database is moved, or even you change the sa password. I've learned long ago never to hard-code server credentials. Not only because it might change, but also because sometimes a database connection component might automatically attempt to connect to that database upon starting the app - connecting before your form's `OnCreate` even is even triggered. – Jerry Dodge Aug 09 '13 at 12:27

1 Answers1

7

Your ConnectionString needs to include "Persist Security Info=True" see this prior topic. I use two const, one for SQL Authentication and the other for Active Directory Authentication and just fill in the blanks.

const
  csCONNECTION   = 'Provider=%s;Password=%s;Persist Security Info=True;User ID=%s;Initial Catalog=%s;Data Source=%s';
  csADCONNECTION = 'Provider=%s;Integrated Security=SSPI;Persist Security Info=False;Initial Catalog=%s;Data Source=%s';
Community
  • 1
  • 1
TDC
  • 377
  • 1
  • 6