
securing connectionstring [duplicate]

Possible Duplicate:
How to encrypt connection string in WinForms 1.1 app.config?

What's the best method for securing connectionstring information in an app.config file for deployed winforms applications?

reference

Bruce Adams asked Mar 04 '10 05:03


People also ask

How do I secure my ConnectionString?

The best way to secure the database connection string is to encrypt the value within the configuration file. The application would then load the encrypted value from the config file, decrypt the value, and then use the decrypted value as the connection string to connect to the database.

Should you encrypt connection strings?

It means that connection-specific information such as the database name, username, and password is stored as clear text in a file. This is definitely a security concern for your production servers. This is why the connection strings should be encrypted.

Where should you store the connection string information?

Connection strings in configuration files are typically stored inside the <connectionStrings> element in the app.config file for a Windows application, or the web.config file for an ASP.NET application.

How do you read ConnectionString from configuration file into code behind?

To read the connection string into your code, use the ConfigurationManager class: string connStr = ConfigurationManager.ConnectionStrings["myConnectionString"].ConnectionString;


2 Answers

The most secure way (assuming Windows clients and a supported database server) is to use integrated authentication, and avoid distributing passwords with connection strings at all.

Data Source=servername;Initial Catalog=dbname;Integrated Security=SSPI;

Each user will need access to the database server. I've found the easiest way to do this is with Active Directory groups - give the group appropriate access on the database server, and add and remove users from that group as needed.

Michael Petrotta answered Oct 26 '22 23:10


Encrypt it, either manually or using the config tool distributed with EntLib.

This should get you started.

Edit: of course, as others have said, using integrated security is your best bet, but I understand that there are times that this is not an option.

In these cases, you will need to do a little extra work. I have done it before and know it works. I will link to an article that describes the challenges and ultimately the working solution for doing this with Windows applications.

Warning: put on some sunglasses before clicking this link.

http://guy.dotnet-expertise.com/PermaLink,guid,b3850894-3a8e-4b0a-aa52-5fa1d1216377.aspx

Sky Sanders answered Oct 26 '22 22:10
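
One way to do the "encrypt it" step from the answer above when integrated security is not an option, shown as an added example that is not part of the original question or answers. It assumes .NET Framework 2.0 or later with a reference to System.Configuration.dll; the class name ConnectionStringProtector is hypothetical, and "myConnectionString" is the name used in the snippet earlier on this page.

```csharp
using System;
using System.Configuration;

static class ConnectionStringProtector
{
    // Built-in DPAPI-backed provider. Ciphertext is bound to the machine that
    // encrypted it, so this must run on the target machine, not at build time.
    const string Provider = "DataProtectionConfigurationProvider";

    // Encrypts <connectionStrings> in <exe>.config in place.
    // Returns true if the file was changed, false if it was already encrypted.
    public static bool EnsureProtected()
    {
        Configuration config =
            ConfigurationManager.OpenExeConfiguration(ConfigurationUserLevel.None);
        ConfigurationSection section = config.GetSection("connectionStrings");

        if (section == null || section.SectionInformation.IsProtected)
            return false;

        section.SectionInformation.ProtectSection(Provider);
        section.SectionInformation.ForceSave = true;
        config.Save(ConfigurationSaveMode.Modified);

        // Drop the cached plaintext copy so later reads come from the saved file.
        ConfigurationManager.RefreshSection("connectionStrings");
        return true;
    }
}

static class Program
{
    static void Main()
    {
        // Run once per installation (for example from the installer), because
        // writing <exe>.config under Program Files needs write access there.
        bool changed = ConnectionStringProtector.EnsureProtected();
        Console.WriteLine(changed ? "Section encrypted." : "Already encrypted.");

        // Reading is unchanged: the provider decrypts transparently on access.
        ConnectionStringSettings settings =
            ConfigurationManager.ConnectionStrings["myConnectionString"];
        if (settings != null)
            Console.WriteLine("Loaded '" + settings.Name + "' (value not printed).");
    }
}
```

With the provider's default machine-level DPAPI key, this protects the file when it is copied off the machine (backups, shared folders), but code running on the same machine can still decrypt it, which is why the integrated-security answer avoids storing a password at all.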