Persist Security Info Default Value Changed in Windows Vista

March 25th 2007 Visual Basic 6 ADO.NET

In Windows Vista the default value for the Persist Security Info parameter of an ADO connection string has changed from True to False.

You should be aware of this because it can prevent your legacy code from working properly under Windows Vista. If its value is set to False the Server, Database, Trusted_Connection and Password parameters will be removed from the ConnectionString property of the Connection object once the connection has been opened. If you're creating new connections by just copying the ConnectionString property from an existing and already opened connection to the new one, your code will break under Vista.

The problem can easily be fixed by explicitly setting Persist Security Info to True in your original connection string but it should be mentioned that this can be a potential security risk if untrusted code gets access to your Connection object. Even more so in case you're not using integrated security and the connection string actually contains the user's password for accessing the database. It's a much better practice to have the actual connection string stored separately and use it directly to create new connections.

On a side note, SqlClient in ADO.NET works much more consistently. The Persist Security Info parameter always defaults to False. It also only removes the Password parameter from the ConnectionString property which makes changing its value to True completely unnecessary unless you really feel a strong urge to share your user's password.

Creative Commons License