Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

securing connectionstring [duplicate]

Tags:

.net

security

winforms

visual-studio-2008

app-config

Possible Duplicate:
How to encrypt connection string in WinForms 1.1 app.config?

What's the best method for securing connectionstring information in an app.config file for deployed winforms applications?

reference

like image 366
Bruce Adams Avatar asked Mar 04 '10 05:03

Bruce Adams

People also ask

How do I secure my ConnectionString?

The best way to secure the database connection string is to encrypt the value within the configuration file. The application would then load the encrypted value from the config file, decrypt the value, and then use the decrypted value as the connection string to connect to the database.

Should you encrypt connection strings?

It means that connection specific information such as database name, username, and password are stored as a clear text in a file. This is definitely a security concern for your Production servers. This is why the connection strings should be encrypted.

Where should you store the connection string information?

Connection strings in configuration files are typically stored inside the <connectionStrings> element in the app. config for a Windows application, or the web. config file for an ASP.NET application.

How do you read ConnectionString from configuration file into code behind?

To read the connection string into your code, use the ConfigurationManager class. string connStr = ConfigurationManager. ConnectionStrings["myConnectionString"].

2 Answers

The most secure way (assuming Windows clients and a supported database server) is to use integrated authentication, and avoid distributing passwords with connection strings at all.

Data Source=servername;Initial Catalog=dbname;Integrated Security=SSPI;

Each user will need access to the database server. I've found the easiest way to do this is with active directory groups - give the group appropriate access on the database server, and add and remove users from that group as needed.

like image 172
Michael Petrotta Avatar answered Oct 26 '22 23:10

Michael Petrotta

Encrypt it, either manually or using the config tool distributed with EntLib.

this should get you started.

Edit: of course, as others have said, using integrated security is your best bet, but I understand that there are times that this is not an option.

In these cases, you will need to do a little extra work. I have done it before and know it works. I will link to an article that describes the challenges and ultimately the working solution for doing this with windows applications.

warning: put on some sunglasses before clicking this link.

http://guy.dotnet-expertise.com/PermaLink,guid,b3850894-3a8e-4b0a-aa52-5fa1d1216377.aspx

like image 27
Sky Sanders Avatar answered Oct 26 '22 22:10

Sky Sanders
Sign in to Comment

Related questions

Windows Device Emulator V3, windows 7 + Network
Requested Execution Level for a dll
How to authenticate and keep track of users with WCF/JSON?
Get a user's group memberships from Active Directory
Using RegisterDeviceNotification in a .NET app
How to build a messaging system in .NET?
How easily customizable are SAP industry-specific solutions?
Is there a way to view only the instance methods of an object in Visual Studio's Intellisense?
Tree Collection in .NET
Tell abcPdf to scale the html to fit on a single pdf page
Is there an easy way to navigate a List<t> object?
Linq statement to iterate through a collection and making sure each item is in the correct order?
Adding .NET App to Registry to Launch after Reboot to Complete Certain Actions
FTP upload using .NET
What is the best way to secure a webservice?
Getting XY location of text within TextBox/RichTextBox
Performance comparison for logging to MSMQ / text file / database
How can I mock the ASP.NET ServerVariables["HTTP_HOST"] value?
How to estimate end time of method in WinForms to properly inform user about predicted time of finish?
This document already has a ' DocumentElement ' node

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!