The Outlook Add-In I wrote already does this, so I could probably pinch most of the code if someone could point me in the correct direction.Įdit: Attempt at Encrypting Connection String for ODC files OFFICE 2016 MAIL MERGE COLLATE .EXEEXE program) then that would also be a great solution. I mentioned a Word Add-In, if Word can use one of those to request the connection details directly (not through a separate. EXE program, but at a minimum something that stores the details in an encrypted form. UDL files, ideally MS Word / Office 365 requesting the details from a. Locking down the database to specific IPs is not currently an option (clients, not us!) These details are stored in plain text, and so are a nasty security hole. UDL file for SQL connection details for Mail Merges. Likewise, if that laptop is lost or stolen, the person that ends up with it still can't get the details, because they won't have a login to our software.Īssuming, of course, that it's somehow possible to get MS Word / Office 365 to get the connection details from anything other than a file containing them in plain text. OFFICE 2016 MAIL MERGE COLLATE SOFTWARESo, not only does no-one know the SQL connection details, any User that leaves has their software Username and Password revoked, so even if they still have the software (for example on a laptop) they can no longer access the system. UDL file, we could apply the same solution and require the User to select the database and log in (with their software Username and Password, NOT the SQL Username and Password). If it was possible for MS Word / Office 365 (perhaps via an Add-In, I've written Outlook Add-Ins so could give it a go) to request the connection details from a program instead of a. a Live, a Test and a UAT, and their version of the software can only see their databases) from our server. When the software starts, it requests the encrypted connection details for the selected database (most companies have several, e.g. in app.config), they're all stored heavily encrypted on our server. None of the rest of our software has hard-coded connection strings (e.g. Something that has encrypted details would at least be an improvement, but an ideal solution for us would be for MS Word / Office 365 to request the details from an. UDL file, somehow, that will allow us to still use MS Word / Office 365 to perform mail merges. UDL file, we are potentially putting this (and undoubtedly others) company in the situation someone can leak the database connection details and that's it, game over. In the case of at least one company, they want it accessible from people working at home / on site etc, and currently don't have any form of VPN set up to allow us to lock down which IP addresses can access it (we are trying to talk them into that!). This database is of course not physically located in their premises, it's in the cloud, and as such can be accessed from anywhere. UDL file to point to the SQL Azure database. OFFICE 2016 MAIL MERGE COLLATE UPDATEWe have duly modified our software to work entirely over Azure too, and are in the process of testing it.Īnd during the testing, we've come to the point where we need to update the. However, we now have several companies (and more to come, no doubt) wanting to move over to a cloud-based system. So, there was a security hole, but given someone would have to be physically in the building to take advantage of it, it was trivial. Up to now, this hasn't been a major issue: all of our clients have our software and their databases installed on a server physically located on their premises, and not externally accessible. UDL file is stored in plain text, including Username and Password (because Microsoft and security are two mutually exclusive concepts). Initial Catalog=DatabaseCatalogInPlainText Īs indicated, all the information in a. Everything after this line is an OLE DB initstringĭata Source=SQLInstanceInPlainText\SQLServerInPlainText In order for Word to know where to get the merge field list and data from, we set up a. We provide a large software suite, which amongst its functionality includes the ability to perform Mail Merges in MS Word / Office 365.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |