PivotView.Write Connection Strings

Posted by: toadrw on 3 August 2017, 3:53 pm EST

  • Posted 3 August 2017, 3:53 pm EST

    I've noticed that the password and user name are plain text in the file created from pivotview.write. Would you consider encrypting this? What I'm going to have to do is save the xml file, then encrypt the connection string, then when I open the file I'll have to decrypt the conenction string and then open the file.



    Also, If I create a visualization and save it. If my user name and/or password changes I won't be able to open this visulization again unless my program edits the connection string in the xml file. I understand with the number of data sources this tool connects to it might not be possible to prompt for a user name and password, but if it is possible could this be implemented. I don't think this is an issue with local data source (maybe Excel if it is password protected).



    Finally, if I want to share a visualization with someone. They can connect to it, but unless I change the connection string for this user they will be connecting as my user with my password.



    I'm working around all of this, but I would think these are some things that you might look at enhancing in a future releases.



    Thanks!



  • Replied 3 August 2017, 3:53 pm EST

    Toadrw,

    I would suggest you to check the XmlTextWriter Class, if you are looking to encrypt the file created from PivotView.Write. You may want to write the PivotView to an XmlTextWriter which you could then encrypt using the algorithm specified in your business's information security policies. Finally you can save the encrypted XML stream to disk. The reason is that this behavior is handled better at the customer’s side rather than ours.

    As far as your second issue regarding the prompt for a user name and password is concerned, I would suggest you to kindly ensure that your application meets the requirements of your company/client's information security policy. This is because it is more secure if performed at your end, rather than a third party implementing the security features for your application. You may want to check this link for the security architecture of SSAS which uses Microsoft Windows to authenticate users for some additional information. I hope this is of some help.

    Regards,
    Sankalp
  • Replied 3 August 2017, 3:53 pm EST

    Hey Sankalp:



    Thanks for the suggestion. We've worked this out.
  • Replied 3 August 2017, 3:53 pm EST

    You're correct too. The encryption should be done on our end. Appreciate it!
Need extra support?

Upgrade your support plan and get personal unlimited phone support with our customer engagement team

Learn More

Forum Channels