Why to close database connection in a desktop application
https://stackoverflow.com/questions/12108368
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
When user logs in. I Open connection 'conn' which is a public static member my dbclass which has all functions related to database. Then conn remains open until application is closed
It does not degrade the application performance measurably but enhances the database queries performance remarkably.
Is there any security issue? If the database is centralized and two or 3 PC's using it with independent applications, Then what security issue can be there due to opening connection on log in?
Or any other problem to be faced in future?
Edit in reply to first comment
I checked by timespan.totalmilliseconds. It takes bit lesser than twice time when involves open and executing query than just executing query when connection is already open
Edit --- The Actual answer required.
If some one with good reason tells me that no there is no security issue or with a good reason tells yes this one is the major security issue. That will be accepted answer after waiting others responses.
By Google search i did not find any article/answer which would be to the point to my question.
La solution
The first issue I can think of is the case where for whatever reason the connection closes (firewall ?).
If you are keeping the connection open and for some reason the connection is forced to close, your program will need to be restarted in order to be usable again. But, if you only open the connection when a query needs to be made then close it again. Even if the connection is closed then your program will try to reconnect when a new query needs to be made.
This is assuming we are talking about a single computer accessing a single database. If we are talking about a database that more people can access then never closing the connection will cause issues with the host (maximum connections reached) at some point. Not to mention how prone it will be to attacks that cause your connection numbers to reach maximum in just a few seconds.
Autres conseils
The risk is that connection string may be stolen. Even if you declare your SqlConnection object as private. You should minimize user privileges. Also it's possible to encrypt connection string. But in any case I think it's unsafe.
