Persist Security Info Property=true and Persist Security Info Property=false

Even if you set Persist Security Info=true OR Persist Security Info=false it won't show a difference up front. The difference is happening in the background.

When Persist Security Info=False, security-sensitive information, such as the password, is not returned as part of the connection if the connection is open or has ever been in an open state.

If you set Persist Security Info=True, Windows will remember the password specified in the connection string.

That's the difference.

MSDN Explanation

Setting Persist Security Info true or false will come into effect only if you mention username and password in the connection string. If you mention username and password in the connection string and set Persist Security Info as false then the credentials cannot be extracted, but if you set Persist Security Info as true while giving credentials in the connection string, windows will remember the credentials, and it can be extracted programmatically.


I found this answer here from Dan Guzman, SQL Server MVP:

I suggest you specify FALSE or omit the keyword entirely since it is the default, even during development. The only time you need to specify TRUE is if the application uses SQL authentication and subsequently retrieves the password from the connection object, which in my experience is rarely done or needed. Performance is not a concern.