AutoCAD Plant 3D Forum
Welcome to Autodesk’s AutoCAD Plant 3D Forums. Share your knowledge, ask questions, and explore popular AutoCAD Plant 3D topics.

How to store the SQL Express Server user + pass

Message 1 of 9
r.vanderend
1289 Views, 8 Replies

How can I save the username and password for SQL Express server database projects?

If I start P3D 2012 or switch a project, I have to login (see screenshot).

 

Thanks in advance,

 

Robin van der End

Message 2 of 9
dave.wolfe
in reply to: r.vanderend

For security purposes, there isn't a way.  The most streamlined way to use SQL Server is to use Windows Authentication instead of the SQL Server Authentication.  Then, the login permissions are determined by your Windows login credentials.

Dave Wolfe
Isaiah 57:15



Tips and Tricks on our blog: ASTI blog
EXPERT ELITE MEMBER
Plant 3D Wish list
Message 3 of 9
RSFAdsk
in reply to: r.vanderend

Hello Robin, as Dave mentions,

 

The best answer is to use Windows Integrated Security, which is the default.  If windows integrated security is being used, the following would be in each DCF file for the project (ProcessPower.dcf, Piping.dcf, Ortho.dcf, and Iso.dcf).

 

<Parameter>
   <Name>Integrated Security</Name>
   <Value xsi:type="xsd:boolean">true</Value>
</Parameter>

 

If Integrated Security is false, you are asked to provide name and pw. 

I did experiment and try to add name and password information to the dcf file,

 

<Parameter>
   <Name>User ID</Name>
   <Value xsi:type="xsd:string">user_name</Value>
</Parameter>
<Parameter>
   <Name>Password</Name>
   <Value xsi:type="xsd:string">password</Value>
</Parameter>
<Parameter>
   <Name>Persist Security Info</Name>
   <Value xsi:type="xsd:boolean">true</Value>
</Parameter>

 

but that information is ignored.  You are always asked for credentials when Integrated Security is false.  I don't think this would be a proper solution anyway, because everyone using the project would need to use the same name and pw (or would this be OK?).

 

 

 

 



Richard Frank
Autodesk Knowledge Network
Autodesk, Inc.
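
Added example (not part of the posts above, and not Autodesk code): a Python check that reads the <Parameter> blocks of a DCF file as quoted in Message 3 and reports when Integrated Security is not set to true or when User ID / Password values sit in the file in clear text. Only the parameter names come from the thread; the wrapper element and the sample files are constructed assumptions.

```python
import xml.etree.ElementTree as ET

# Parameter names taken from the DCF fragments quoted in the thread.
SECRET_PARAMS = {"user id", "password"}

def local(tag):
    """Strip an XML namespace ('{uri}Name' -> 'Name')."""
    return tag.rsplit("}", 1)[-1]

def dcf_parameters(xml_text):
    """Return {lowercased name: value} for every <Parameter> element, at any depth."""
    params = {}
    for elem in ET.fromstring(xml_text).iter():
        if local(elem.tag) != "Parameter":
            continue
        fields = {local(child.tag): (child.text or "").strip() for child in elem}
        if "Name" in fields:
            params[fields["Name"].lower()] = fields.get("Value", "")
    return params

def audit_dcf(xml_text):
    """List findings for one DCF file's contents; an empty list means nothing to fix."""
    params = dcf_parameters(xml_text)
    findings = []
    # A missing parameter is reported too, since it is not explicitly true.
    if params.get("integrated security", "").lower() != "true":
        findings.append("Integrated Security is not set to true")
    for name in sorted(params.keys() & SECRET_PARAMS):
        if params[name]:
            findings.append(f"'{name}' is stored in clear text")  # value is never echoed
    if params.get("persist security info", "").lower() == "true":
        findings.append("Persist Security Info is true")
    return findings

# Constructed samples: the wrapper element name is hypothetical; only the
# <Parameter> blocks mirror the fragments in the thread.
SAMPLE_SQL_AUTH = """<ConnectionInfo xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:xsd="http://www.w3.org/2001/XMLSchema">
  <Parameter><Name>Integrated Security</Name><Value xsi:type="xsd:boolean">false</Value></Parameter>
  <Parameter><Name>User ID</Name><Value xsi:type="xsd:string">user_name</Value></Parameter>
  <Parameter><Name>Password</Name><Value xsi:type="xsd:string">password</Value></Parameter>
  <Parameter><Name>Persist Security Info</Name><Value xsi:type="xsd:boolean">true</Value></Parameter>
</ConnectionInfo>"""
SAMPLE_WINDOWS_AUTH = SAMPLE_SQL_AUTH.split("<Parameter>")[0] + (
    "<Parameter><Name>Integrated Security</Name>"
    '<Value xsi:type="xsd:boolean">true</Value></Parameter></ConnectionInfo>')

if __name__ == "__main__":
    for label, text in (("sql auth", SAMPLE_SQL_AUTH), ("windows auth", SAMPLE_WINDOWS_AUTH)):
        print(label, audit_dcf(text))
```

Run against the text of each of the four project files named in Message 3 (ProcessPower.dcf, Piping.dcf, Ortho.dcf, Iso.dcf) before a project folder is shared outside the team.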
Message 4 of 9
r.vanderend
in reply to: RSFAdsk

Thanks, I understand why, but my company gives me only a SQL account with a username and password.

They don't want to make Windows Authentication accounts.

I've read the white papers (see attachment, section "Configure AutoCAD Plant 3D Using a Database Link File") about this, but this doesn't work with version 2012.

Message 5 of 9
RSFAdsk
in reply to: r.vanderend

Yes, this is a change from 2011 (where SQL Server was not openly supported).  As you mention, in 2011 you were forced to put the username:pw into the dcf.  I do think that if the "User ID" and "Password" are provided in the DCF we should use them and suppress the dialog.  I do expect that you will still need to edit the DCF manually as you have, but if provided we should use them.

 



Richard Frank
Autodesk Knowledge Network
Autodesk, Inc.
Message 6 of 9
dave.wolfe
in reply to: RSFAdsk

No, login credentials should not be stored in the dcf; then anyone who has access to the DCF has access to sql server.  I think also that currently admin rights are required inside the SQL Server database to perform creation functions, etc. So someone could log in to the sql server and remove databases just by having the dcf.  So, if you gave the project to a client...they have your sql logins and connection parameters for your sql server databases (assuming the user in P3D must have admin rights for all databases).

 

A secure way to do it, would be to allow a remember me function and store the username/password in a secure/encrypted file in a temporary file location.  Then the user could login once and have the remember me box checked to not enter credentials again.

 

My two cents.

Dave Wolfe
Isaiah 57:15



Message 7 of 9
RSFAdsk
in reply to: dave.wolfe

I understand what you are saying Dave, but if the Username and PW are entered manually by the project admin into the DCF it seems that we should use them.  Even if we recommend against doing so.

 

I'm thinking that if the same project files were SQLite, the information in them would be just as open as the username : pw used to access the SQL Server.  I guess what I'm thinking is that if you have access to the project files, depending on the situation (for example: the username : pw are project-specific) it is no different than just having the files there anyway.

 

[As you point out, if we did not encrypt the text] we would not offer to [x] Save Username and Password, as it would just be open connection string text.  That would be something that the cad admin would need to enter manually, as had to be done in 2011.  Regardless I'm sure there will be quite some discussion about this and the more input the better here.

 

 



Richard Frank
Autodesk Knowledge Network
Autodesk, Inc.
Message 8 of 9
dave.wolfe
in reply to: RSFAdsk

Yea, the difference with SQLite is that only the local project is available.  With SQL Server it could potentially be all the projects available.

 

Yea, I'm recommending writing new functionality to store the username/password into a different secure manner similar to how web cookies operate.  It's not hard.  You could even store them within xml in an encrypted zip.  

 

Maybe it's just me...but I really can't get myself to accept that storing login information in plain text is a good idea.

 

I have to disagree with the idea that if someone enters login credentials, you must use them...my opinion is that the program should make it easier to be secure with data/permissions than to not.

 

It's bound to be a hot topic. :)

 

 

Dave Wolfe
Isaiah 57:15



Message 9 of 9
r.vanderend
in reply to: dave.wolfe

If there were a checkbox to remember the login details, the problem is resolved.

Or just a register string where you can manually put the username and password.

All our projects are saved on the same SQL server, so the login is the same for all the projects.
