Secure Database Connection Management
Introduction
This document provides comprehensive instructions for implementing secure database connection handling in CALUMO on-premises. The updated approach protects sensitive database credentials by storing connection strings in environment variables rather than plaintext configuration files, significantly enhancing security against unauthorized access.
Security Enhancement
Connection strings containing sensitive credentials are now stored in environment variables. This approach:
- Reduces the attack surface by removing plaintext credentials from files
- Prevents credentials from being included in code repositories or backups
- Aligns with security best practices for credential management
Implementation Details
Configuration File Changes
The master.config.json file has been updated to use environment variable placeholders instead of hardcoded credentials:
Before:
{ "ConnectionString": "trusted_connection=false;uid=userid;pwd=password;data source=.;" }
After:
{ "ConnectionString": "%CALUMO_CONNECTION_STRING%" }
Setting the Environment Variable
Manually Setting the Environment Variable
- Open System Properties:
  - Right-click on “This PC” or “Computer” on the desktop or in File Explorer.
  - Select “Properties”.
  - Click on “Advanced system settings” on the left.
- In the System Properties window, click on the “Environment Variables” button.
- Add a New System Variable:
  - In the Environment Variables window, under the “System variables” section, click “New”.
  - Enter the variable name: CALUMO_CONNECTION_STRING
  - Enter the variable value. Ex: trusted_connection=false;uid=userId;pwd=password;data source=.;database=calumo_dev
- Click “OK” to save the new variable.
- Apply and Close:
  - Click “OK” to close the Environment Variables window.
  - Click “OK” to close the System Properties window.
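
A scripted equivalent of the manual steps above, followed by a check that master.config.json no longer holds credentials. This is an added example, not part of CALUMO's documentation or tooling; the $ConfigPath parameter is an assumption and must point at your installation's master.config.json.

```powershell
# Added example, not CALUMO's own tooling. Run in an elevated PowerShell session.
param(
    # Assumption: path to your installation's master.config.json (placeholder).
    [Parameter(Mandatory)] [string] $ConfigPath
)

$name = 'CALUMO_CONNECTION_STRING'

# Prompt for the value so it does not land in command history or a script file.
$secure = Read-Host -Prompt "Value for $name" -AsSecureString
$plain  = [System.Net.NetworkCredential]::new('', $secure).Password
if ([string]::IsNullOrWhiteSpace($plain)) { throw "No value entered for $name." }

# 'Machine' scope corresponds to the "System variables" section of the dialog.
[Environment]::SetEnvironmentVariable($name, $plain, 'Machine')
$plain = $null

# Confirm the variable exists without echoing its value.
$stored = [Environment]::GetEnvironmentVariable($name, 'Machine')
if ([string]::IsNullOrEmpty($stored)) { throw "$name was not stored at machine scope." }
Write-Host "$name is set at machine scope."

# Inspect every ConnectionString entry in the file for leftover credentials.
$raw     = Get-Content -LiteralPath $ConfigPath -Raw
$entries = [regex]::Matches($raw, '"ConnectionString"\s*:\s*"(?<v>[^"]*)"')
if ($entries.Count -eq 0) { throw "No ConnectionString entry found in $ConfigPath." }

$bad = 0
foreach ($m in $entries) {
    $v = $m.Groups['v'].Value
    if ($v -match '(?i)\b(pwd|password)\s*=') {
        Write-Warning "Plaintext credential still present in a ConnectionString entry."
        $bad++
    } elseif ($v -ne "%$name%") {
        Write-Warning "A ConnectionString entry is not the %$name% placeholder."
        $bad++
    }
}
if ($bad -gt 0) { exit 1 }
Write-Host "All $($entries.Count) ConnectionString entries use the %$name% placeholder."
```

Processes that were already running keep their old environment until they are restarted.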