When modifying the LFDS connection string you have to populate the entire connecting string manually. Is there any reason that it cannot pre-populate with the current values so it can be easily edited?
I understand the frustration. My tentative response would be that the connection string is stored in encrypted form because when using SQL Authentication, it contains the actual username and password of the SQL account. Decrypting and displaying the connection string to users would reveal the plaintext password within the LFDS Web Admin console. This is highly questionable from a security standpoint and would be an high-risk target for compromise.
With that said, what parameters are you most commonly trying to change? SQL Server address, database name, and auth credentials? There's likely a way we can figure out how to make the common cases easier.
Hi Blake, this request is in our backlog and we'll look into it in the future. Unfortunately there are security concerns as Sam mentioned, so it isn't a simple addition.
Note that LFDS 10.4.4 and newer does show connection string examples at least.
Chase,
I do understand the security concerns, but the current SQL Server and Database name are already being shown before you click to edit the Connection String. Can that be configured to show when you click the "Modify connection string" link as well?
We're considering something like the UI you see when initially setting up an LFDS database. See the mockup below.
(Obviously would not pre-fill the SQL Server auth Password field).
Is that closer to what you'd consider ideal?
Your image does not show. Can you try to repost it?
Added as an attachment. Can you see it now?
That is glorious!
Any update on this feature?
Sadly not. The LFDS team is unfortunately (temporarily) down a few members for various reasons so most "nice to have QoL" features we had hoped in tackle in the short term remain on the backlog for now.
Is there any way to determine if Windows Authentication or SQL Server Authentication is being used?
When it's using SQL Server Auth, the DB connection strings in "C:\ProgramData\Laserfiche\LFDS\connections.config" will be fully encrypted.
When it's using WinAuth, they might be in plain text because there are no credentials in the connection string (only a param indicating use of WinAuth). If you have an LFDS instance you know for sure uses WinAuth for its SQL connection, you could sanity check that. I don't have one handy myself at the moment.
I don't have two systems to compare to, but I am almost positive that ours is using Windows Authentication and it looks like the information in the file is encrypted.
There is no way to find out which SQL service user or authentication mode is in use from the LFDS side, since the connection string is encrypted as Sam mentioned. What you can do is take a look from the SQL side though. If you are confident that the current SQL service user is the one that created the LFDS database, you can look at the database Owner property. Otherwise you may want to look at the SQL logs to find out which account is authenticating (you will need to audit logins using Server Properties -> Security -> Login Auditing).
Oh, one surefire way to determine if SQL Authentication is used when the SQL Server is remote:
If the LFDS service is running as a built-in service user (Network Service, Local System) because those present as AD Computer accounts to other machines on the network, and SQL Server does not support adding Computer accounts as security trustees for Win Auth. You are able to use the built-in security principals if SQL Server is on the same machine as LFDS.
If LFDS is running as a build-in service identity: SQL Auth
If LFDS is running as an AD User or gMSA account: SQL Auth or Win Auth