Skip to Content

Archived discussions are read-only. Learn more about SAP Q&A

How to encrypt connection string in CR

I was wonder how secure is the connection string in Crystal report? and is their way to encrypt it

Your help is much appreciated

Former Member

Hi John,

What version of Crystal are you using? 

Is this for an application you are building or for the desktop designer? 

If you are building an application, Windows or web and what platform? 

If you are building an application, there are a couple of ways to do it.  If your application already has a connection to the database, you can have the report use that existing connection.  I have reports that get the data from a data object my application populates. 

For web applications, the easiest way would be to encrypt the connection string in the web.config but I wouldn't recommend this. 

Crystal does not encrypt the connection string at all.  That part is left to the individual programmer.  If you are using ODBC in your report and turn on the ODBC logging, you can see where the connection string is being passed.  If your connection string is encrypted, Crystal can't read it so you do have to decrypt it before it gets passed to the report. 

We have an enterprise environment here and security for all of our web and Windows applications are managed by a single security program we wrote.  This prevents hard coding connection strings in the application.  When the application starts up, it makes a connection to the security program and based on several parameters, it gives access to the user and logs onto the database. 

Hope this helps,


0 View this answer in context
Not what you were looking for? View more on this topic or Ask a question