• Forums
    • Public Forums
      • Community Connect
      • Dynatrace
        • Dynatrace Open Q&A
      • Application Monitoring & UEM
        • AppMon & UEM Open Q&A
      • Network Application Monitoring
        • NAM Open Q&A
  • Home
  • Public Forums
  • Application Monitoring & UEM
  • AppMon & UEM Open Q&A
avatar image
Question by Jason L. · Mar 07, 2013 at 07:56 PM ·

Database Connection String Visibility

Is there any way to hide ONLY the "Connection String" text value shown on the Database / Details screen? Our information security team has advised that the connection string information (specifically, userid/password) should not be visible to any end users of dynaTrace. We don't necessarily want to hide all confidential strings from users of dynaTrace, so denying the 'Read Confidential Strings' permission is not an ideal solution for this issue.

Thanks.

Comment

People who like this

0 Show 0
10 |2000000 characters needed characters left characters exceeded
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 10 attachments (including images) can be used with a maximum of 50.0 MiB each and 250.0 MiB total.

11 Replies

  • Sort: 
  • Most voted
  • Newest
  • Oldest
avatar image

Answer by Christoph N. · Mar 25, 2013 at 04:14 PM

Hi Jason,

well, unfortunately you just hit another special case. We find the password string with a regex, that unfortunately also does not work with "PWD=". However it does work with "Pwd=" or "pwd=". So, if you have the possibility to modify the connection string, this would be the easiest workaround.

Let me know if that works for you.

Thanks,
-Christoph

Comment

People who like this

0 Show 2 · Share
10 |2000000 characters needed characters left characters exceeded
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 10 attachments (including images) can be used with a maximum of 50.0 MiB each and 250.0 MiB total.

avatar image Jason L. · Mar 25, 2013 at 04:46 PM 0
Share

The problem is that we have 60+ production connection strings that would need to be changed in order to work with dynaTrace's limitations that we have recently discovered. It would be very time consuming on our side to go through our change control process to modify all of these connection strings in production. If this is the only workaround option that we have, that would be disappointing.

avatar image Roman S. · Mar 28, 2013 at 02:17 PM 0
Share

Hi Christoph,

I also got a case of the password being shown in the connection string for a Java application. The data looks like this:

Database Name: rel444;user=me;password=mine;
Connection String: jdbc:jtds:sqlserver://hostname:1433/rel444;user=me;password=mine;

Should that have been covered? Or should I open a support case for that to be fixed?

Thx, Roman

avatar image

Answer by Jason L. · Mar 25, 2013 at 02:58 PM

Hi Christoph,

I just found an example connection string that is in the web.config file with no whitespaces, but the password is not stripped out. Perhaps it is due to the ";enlist=true;" following the password value?

Database=AAMGlobalCatalog;Server=CTNCORDDBD01\CORPDEV;UID=aamgc;PWD=laksjfi333;enlist=true;

Comment

People who like this

0 Show 0 · Share
10 |2000000 characters needed characters left characters exceeded
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 10 attachments (including images) can be used with a maximum of 50.0 MiB each and 250.0 MiB total.

avatar image

Answer by Christoph N. · Mar 25, 2013 at 08:43 AM

Hi Jason,

The password should automatically be stripped out of all connection strings. The reason it does not work in your case might be the fact that you have whitespaces in your connection string between the assignment operators.

If you change
"Password = pw12345"
to
"Password=pw12345"
it should work.

regards,
-Christoph

Comment

People who like this

0 Show 0 · Share
10 |2000000 characters needed characters left characters exceeded
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 10 attachments (including images) can be used with a maximum of 50.0 MiB each and 250.0 MiB total.

avatar image

Answer by Günter S. · Mar 25, 2013 at 08:05 AM

Hi Jason,

you can create a ticket, but your chances to get this treated as bug are very low. PM will not easily accept this as a bug, it'll be treated as an enhancement and the chances to get this implemented on the current version are low because the next product release has that feature already. Also having the connection string information stored in the DB is not very common either, you are the first customer to complain about this.

I spoke to R&D, a back port of the 5.5 functionality is not possible because the architecture had to be changed in some areas to make this possible in the next release.

I'm with Ryan in terms of your options.

regards,
Günter

Comment

People who like this

0 Show 0 · Share
10 |2000000 characters needed characters left characters exceeded
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 10 attachments (including images) can be used with a maximum of 50.0 MiB each and 250.0 MiB total.

avatar image

Answer by Ryan C. · Mar 22, 2013 at 06:21 PM

I would suggest that you open a support case.

In the meantime, your options are:

1. Enable security of confidential strings.
2. Unplace the ADO sensor (thus ignoring DB calls from your PurePaths)
3. Wait until 5.5 is released. Talk to your Compuware rep to see if you can get a copy of 5.5 sooner versus later.
4. Updated your app to retrieve the connection string from web.config
5. Do nothing

I realize none of these choices are ideal.

Comment

People who like this

0 Show 0 · Share
10 |2000000 characters needed characters left characters exceeded
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 10 attachments (including images) can be used with a maximum of 50.0 MiB each and 250.0 MiB total.

avatar image

Answer by Ryan C. · Mar 22, 2013 at 03:28 PM

Where is the DB connection detailed stored? In the web.config in <connectionStrings> ?

The reason I am asking is because on my .NET application, dynaTrace masks the password in my connection string automatically.

My connection string looks this in dynaTrace...
Below is my web.config

  
Comment

People who like this

0 Show 1 · Share
10 |2000000 characters needed characters left characters exceeded
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 10 attachments (including images) can be used with a maximum of 50.0 MiB each and 250.0 MiB total.

avatar image Jason L. · Mar 22, 2013 at 04:08 PM 0
Share

Generally, our DB connection string details are not in the web.config file. They are secured in a database and they are retrieved by using a web service call within the application.

I just checked and we do have small number of applications where the connection strings are in the web.config file. You're right, within dynaTrace, the connection string password displays as "***" instead of being displayed in clear text in cases where the connection strings are in the web.config file.

That being said, can this be considered a dynaTrace bug that the password is not being masked as "***" for connection strings that are NOT in the web.config file? Thanks.

avatar image

Answer by Jason L. · Mar 20, 2013 at 09:23 PM

SQL Server 2005 database. Here is an example of what the displayed connection string displays:

Data Source = CTNGESDB; Integrated Security = false; Persist Security Info = false; Database = db123; User ID =uid12345_rw; Password = pw12345

Comment

People who like this

0 Show 0 · Share
10 |2000000 characters needed characters left characters exceeded
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 10 attachments (including images) can be used with a maximum of 50.0 MiB each and 250.0 MiB total.

avatar image

Answer by Ryan C. · Mar 20, 2013 at 08:44 PM

What kind of database? What version? It is unusual to see the user/pass in the connection string in the PurePath details. Without revealing your password, what does the connection string contain?

Comment

People who like this

0 Show 0 · Share
10 |2000000 characters needed characters left characters exceeded
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 10 attachments (including images) can be used with a maximum of 50.0 MiB each and 250.0 MiB total.

avatar image

Answer by Jason L. · Mar 13, 2013 at 10:07 PM

Hello,

Do you have any ideas on a workaround for this issue that we can use prior to 5.1 being released in the Spring? I need to come up with some method of preventing the database connection string userid/password from showing to any of our end users of dynaTrace without hiding all confidential strings.

Thanks.

Comment

People who like this

0 Show 0 · Share
10 |2000000 characters needed characters left characters exceeded
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 10 attachments (including images) can be used with a maximum of 50.0 MiB each and 250.0 MiB total.

avatar image

Answer by Jason L. · Mar 07, 2013 at 10:17 PM

Hi Andi

Thanks for the information. One follow up question - is the connection string data (specifically userids/passwords) stored within dynaTrace in clear text, or is it encrypted? Thank you.

Comment

People who like this

0 Show 1 · Share
10 |2000000 characters needed characters left characters exceeded
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 10 attachments (including images) can be used with a maximum of 50.0 MiB each and 250.0 MiB total.

avatar image Andreas G. ♦ · Mar 07, 2013 at 11:16 PM 0
Share

All data is stored in a compressed custom format - so - no clear text in the dynaTrace stored sessions

  • 1
  • 2
  • ›

How to get started

First steps in the forum
Read Community User Guide
Best practices of using forum

NAM 2019 SP5 is available


Check the RHEL support added in the latest NAM service pack.

Learn more

LIVE WEBINAR

"Performance Clinic - Monitoring as a Self Service with Dynatrace"


JANUARY 15, 3:00 PM GMT / 10:00 AM ET

Register here

Follow this Question

Answers Answers and Comments

4 People are following this question.

avatar image avatar image avatar image avatar image

Forum Tags

dotnet mobile monitoring load iis 6.5 kubernetes mainframe rest api dashboard framework 7.0 appmon 7 health monitoring adk log monitoring services auto-detection uem webserver test automation license web performance monitoring ios nam probe collector migration mq web services knowledge sharing reports window java hybris javascript appmon sensors good to know extensions search 6.3+ server documentation easytravel web dashboard kibana system profile purelytics docker splunk 6.1 process groups account 7.2 rest dynatrace saas spa guardian appmon administration production user actions postgresql upgrade oneagent measures security Dynatrace Managed transactionflow technologies diagnostics user session monitoring unique users continuous delivery sharing configuration alerting NGINX splitting business transaction client 6.3 installation database scheduler apache mobileapp RUM php dashlet azure purepath agent 7.1 appmonsaas messagebroker nodejs 6.2 android sensor performance warehouse
  • Forums
  • Public Forums
    • Community Connect
    • Dynatrace
      • Dynatrace Open Q&A
    • Application Monitoring & UEM
      • AppMon & UEM Open Q&A
    • Network Application Monitoring
      • NAM Open Q&A