cancel
Showing results for 
Search instead for 
Did you mean: 

How to encrypt connection string in CR

Former Member
0 Kudos

I was wonder how secure is the connection string in Crystal report? and is their way to encrypt it

Your help is much appreciated

Accepted Solutions (1)

Accepted Solutions (1)

former_member292966
Active Contributor
0 Kudos

Hi John,

What version of Crystal are you using? 

Is this for an application you are building or for the desktop designer? 

If you are building an application, Windows or web and what platform? 

If you are building an application, there are a couple of ways to do it.  If your application already has a connection to the database, you can have the report use that existing connection.  I have reports that get the data from a data object my application populates. 

For web applications, the easiest way would be to encrypt the connection string in the web.config but I wouldn't recommend this. 

Crystal does not encrypt the connection string at all.  That part is left to the individual programmer.  If you are using ODBC in your report and turn on the ODBC logging, you can see where the connection string is being passed.  If your connection string is encrypted, Crystal can't read it so you do have to decrypt it before it gets passed to the report. 

We have an enterprise environment here and security for all of our web and Windows applications are managed by a single security program we wrote.  This prevents hard coding connection strings in the application.  When the application starts up, it makes a connection to the security program and based on several parameters, it gives access to the user and logs onto the database. 

Hope this helps,

Brian

Former Member
0 Kudos

Thanks for the clarification and explanation.

I have CR 2011, it is for web application and the platform is windows 7.

On confirmation, the way am going to design the CR is to develop the CR outside the MVS environment using the CR 2011. This mean the connection string will be established and created with CR2011 environment.

After the design is complete, I will add them to MVS to be driven by CR viewer in MVS.

This is the point of concern, where the connection string is created within CR2011 and not with MVS

I agree, if I am designing the report within MVS environment, then I will use the RSA to encrypt the connection string at the rest and decrypt the connection string as been called to open the connection.

Please correct me if I missed the concept.

Appreciate your advise

Answers (0)