EWL is a bit egocentric on connection string


#1

I want to use this feature of a connection string: https://msdn.microsoft.com/en-us/library/ms131691(SQL.100).aspx

I can’t. I’m sure there are other features of connection strings that we’ve never seen or used before that someone else has a legitimate reason to use, but EWL has positioned itself to have to specifically implement each feature on a case by case basis. What’s the justification for this?


#2

There’s no justification other than the fact that nobody thus far has needed special items in the connection string. I’d probably be open to adding some sort of “additional connection string variables” element to the config schema. But definitely be careful when disabling cert validation; I hear security specialists talking about those vulnerabilities on a regular basis.


#3

How could using an SSL connection without cert validation be less secure than not using an SSL connection at all?


#4

I wouldn’t say it’s less, but it’s not really more either. Somebody can put a proxy server in the middle, decrypt all the traffic, and re-encrypt it with their own certificate, which you’ll accept because you’re not doing validation.