You use Microsoft Visual Studio 2010 and Microsoft .NET Framework 4 to create an application.The application connects to a Microsoft SQL Server 2008 database. The application uses a Microsoft ADO.NET SQL Server managed provider.When a connection fails, the application logs connection information, including the full connection string.The information is stored as plain text in a .config file.
You need to ensure that the database credentials are secure.
Which connection string should you add to the .config file?
A.Data Source=myServerAddress; Initial Catalog=myDataBase; Integrated Security=SSPI; Persist Security Info=false;
B.Data Source=myServerAddress; Initial Catalog=myDataBase; Integrated Security=SSPI; Persist Security Info=true;
C.Data Source=myServerAddress; Initial Catalog=myDataBase; User Id = myUsername; Password = myPassword; Persist Security Info=false;
D.Data Source=myServerAddress; Initial Catalog=myDataBase; User Id = myUsername; Password = myPassword; Persist Security Info=true;
According to the guide, the answer is 'A'. But in my opinion, the Answer is 'C'. If we are using Integrated Security = SSPI, we don't need to supply UserID and Password. So, Persist Security Info=false has no effect.
As far as I know, Persist Security Info only takes effect if the connection string has User Credentials.
Could you please advise me which one is correct? Thanks.
