package configuration

Does it matter if the configuration is by xml,sql server,parent package variable,environment variable etc.

I use xml configuration which i kind of feel easy as i can change the connection directly by typing.Not used with others much..

Is there any security issue here .

Please let me know

Hi,

I use XML too and I pass it from environment variable which gives more portability.

For security, yes, this is a concern. my XML config holds the user name and password in the connection string itself.

You have to secure the folder where you store the config file.

A server admin will always have the possibility to look into it though.

Regards,

Philippe

|||

SQL Server table has the added benefit that you can add as many configurations as you want and you won't see any warning if they all are not used in a package (not to mention you go to a single place where a change is required). Obviously, you need to store the connection string to that table somewhere else, and likely you would use the 'indirect' method or a second (XML, env. variable, etc).

The Environment variable and Registry key types, require a high level of permission at the OS level; which in some scenarios can not be an option (security policies, etc).

Parent variable type has the limitation that you don't have control over the order on which they

take place. They always get configured in the last place.

As you can see there is no perfect method, but yet you have a several options.

|||

When I store configuration information on sql server, is it safe to assume that I just the need the connection for that sqlserver/table and I'm done?

Also is it possible to directly insert/update/delete data to that table?

Thanks

|||

Yes (I think, depends on exactly what you are asking), and yes.