AutoCAD Plant 3D General DIscussion

AutoCAD Plant 3D General DIscussion

Reply
Contributor
r.vanderend
Posts: 17
Registered: ‎09-10-2008
Message 1 of 9 (712 Views)

How to store the SQL Express Server user + pass

712 Views, 8 Replies
09-18-2011 11:16 PM

How can I save the username and password for SQL Express server database projects?

If I start P3D 2012 or switch a project, I have to login (see screenshot).

 

Thanks in advance,

 

Robin van der End

*Expert Elite*
dave.wolfe
Posts: 699
Registered: ‎12-04-2009
Message 2 of 9 (686 Views)

Re: How to store the SQL Express Server user + pass

09-19-2011 07:07 AM in reply to: r.vanderend

For security purposes, there isn't a way.  The most streamlined way to use SQL Server is to use Windows Authentication instead of the SQL Server Authentication.  Then, the login permissions are determined by your Windows login credentials.

Dave Wolfe
Isaiah 57:15

ECAD, Inc.
Tips and Tricks on our blog: Process Design, from the Outside

A P3D Authorized Reseller
Plant 3d Wish list: https://plant3d.uservoice.com/
Employee
RSFAdsk
Posts: 172
Registered: ‎02-27-2009
Message 3 of 9 (679 Views)

Re: How to store the SQL Express Server user + pass

09-19-2011 08:41 AM in reply to: r.vanderend

Hello Robin, as Dave mentions,

 

The best answer is to use Windows Integrated Security, which is the default.  If windows integrated security is being used, the following would be in each DCF file for the project (ProcessPower.dcf, Piping.dcf, Ortho.dcf, and Iso.dcf).

 

<Parameter>

   <Name>Integrated Security</Name>

   <Value xsi:type="xsd:boolean">true</Value>

</Parameter>

 

If Integrated Security is false, you are asked to provide name and pw. 

I did experiment and try to add name and password information to the dcf file,

 

<Parameter>

   <Name>User ID</Name>

   <Value xsi:type="xsd:string">user_name</Value>

</Parameter>

<Parameter>

   <Name>Password</Name>

   <Value xsi:type="xsd:string">password</Value>

</Parameter>

<Parameter>

   <Name>Persist Security Info</Name>

   <Value xsi:type="xsd:boolean">true</Value>

</Parameter>

 

but that information is ignored.  You are always asked for credentials when Integrated Security is false.  I dont think this would be a proper solution anyway, because everyone using the project would need to use the same name and pw (or would this be OK?).

 

 

 

 



Richard Frank
AEC Plant Solutions
Autodesk, Inc.
Contributor
r.vanderend
Posts: 17
Registered: ‎09-10-2008
Message 4 of 9 (648 Views)

Re: How to store the SQL Express Server user + pass

09-20-2011 12:12 AM in reply to: RSFAdsk

Thanks, I understand why but my company give me only a SQL-account with a username and password.

They don't want to make Windows Authentication accounts.

I've read the white papers (see attachment section "Configure AutoCAD Plant 3D Using a Database Link File") about this, but this don't work with version 2012.

Employee
RSFAdsk
Posts: 172
Registered: ‎02-27-2009
Message 5 of 9 (636 Views)

Re: How to store the SQL Express Server user + pass

09-20-2011 07:09 AM in reply to: r.vanderend

Yes, this is a change from 2011 (where SQL Server was not openly supported).  As you mention, in 2011 you were forced to put the username:smileytongue:w into the dcf.  I do think that if the "User ID" and "Password" are provided in the DCF we should use them and suppress the dialog.  I do expect that you will still need to edit the DCF manually as you have, but if added provided we should use them.

 



Richard Frank
AEC Plant Solutions
Autodesk, Inc.
*Expert Elite*
dave.wolfe
Posts: 699
Registered: ‎12-04-2009
Message 6 of 9 (631 Views)

Re: How to store the SQL Express Server user + pass

09-20-2011 07:53 AM in reply to: RSFAdsk

No, login credentials should not be stored in the dcf than anyone who has access to the DCF has access to sql server.  I think also that currently admin rights are required inside the SQL Server database to perform creation functions, etc. So someone could login into the sql server and remove databases just by having the dcf.  So, if you gave the project to a client...they have your sql logins and connection parameters for your sql server databases (assuming the user in P3D must have admin rights for all databases).

 

A secure way to do it, would be to allow a remember me function and store the username/password in a secure/encrypted file in a temporary file location.  Then the user could login once and have the remember me box checked to not enter credentials again.

 

My two cents.

Dave Wolfe
Isaiah 57:15

ECAD, Inc.
Tips and Tricks on our blog: Process Design, from the Outside

A P3D Authorized Reseller
Plant 3d Wish list: https://plant3d.uservoice.com/
Employee
RSFAdsk
Posts: 172
Registered: ‎02-27-2009
Message 7 of 9 (624 Views)

Re: How to store the SQL Express Server user + pass

09-20-2011 08:18 AM in reply to: dave.wolfe

I understand what you are saying Dave, but if the Username and PW are entered manually by the project admin into the DCF it seems that we should use them.  Even if we recommend against doing so.

 

I'm thinking that if the same project files were SQLite, the information in them would be just as open as the username : pw used to access the SQL Server.  I guess what I'm thinking is that if you have access to the project files, depending on the situation (for example: the username : pw are project-specific) it is no different than just having the files there anyway.

 

[As you point out, if we did not encrypt the text] we would not offer to [x] Save Username and Password, as it would just be open connection string text.  That would be something that the cad admin would need to enter manually, as had to be done in 2011.  Regardless I'm sure there will be quite some discussion about this and the more input the better here.

 

 



Richard Frank
AEC Plant Solutions
Autodesk, Inc.
*Expert Elite*
dave.wolfe
Posts: 699
Registered: ‎12-04-2009
Message 8 of 9 (617 Views)

Re: How to store the SQL Express Server user + pass

09-20-2011 08:30 AM in reply to: RSFAdsk

Yea, the difference with SQLite is that only the local project is available.  With SQL Server it could potentially be all the projects availble.

 

Yea, I'm recommending writing new functionality to store the username/password into a different secure manner similar to how web cookies operate.  It's not hard.  You could even store them within xml in an encrypted zip.  

 

Maybe it's just me...but I really can't get myself to accept that storing login information in plain text is a good idea.

 

I have to disagree with the idea that if someone enter login credentials, you must use them...my opinion is that the program should make it easier to be secure with data/permissions that to not.

 

It's bound to be a hot topic. :smileyhappy:

 

 

Dave Wolfe
Isaiah 57:15

ECAD, Inc.
Tips and Tricks on our blog: Process Design, from the Outside

A P3D Authorized Reseller
Plant 3d Wish list: https://plant3d.uservoice.com/
Contributor
r.vanderend
Posts: 17
Registered: ‎09-10-2008
Message 9 of 9 (595 Views)

Re: How to store the SQL Express Server user + pass

09-22-2011 02:35 AM in reply to: dave.wolfe

If there where a checkbox to remember the login details, the problem is resolved.

Or just a register string where you can manually put the username and password.

All our projects are saved on the same SQL server, so the login is the same for all the projects.

Announcements
Are you familiar with the Autodesk Expert Elites? The Expert Elite program is made up of customers that help other customers by sharing knowledge and exemplifying an engaging style of collaboration. To learn more, please visit our Expert Elite website.
Need installation help?

Start with some of our most frequented solutions to get help installing your software.

New AutoCAD Plant 3D Category!

The AutoCAD Plant 3D forum has moved into it's very own category page, and can no longer be found within the Additional Product Forums.