Hello,

I created a C# application (not an ASP web page) which connects to a SQL 2005 server. In my source code the password and user ID for this SQL server are coded in plain text in the ConnectionString.

    SqlConnection con = new SqlConnection();
    con.ConnectionString =
             "Data Source=server1;"+
             "Initial Catalog=mydatabase;"+
             "Integrated Security=no;"+
             "User ID=admin;Password=mypassword;";
    con.Open();

Is there an easy way to encrypt the password or the whole connection string, so that other people who disassemble my tool are not able to see the password?

Thanks

+1  A: 

You should store your connection string in a config file and encrypt that section. See http://www.4guysfromrolla.com/articles/021506-1.aspx or http://msdn.microsoft.com/en-us/library/89211k9b%28VS.80%29.aspx.

Jonas Lincoln
A: 

You can encrypt sections in the app.config in the same way as web.config. MS calls it Protected Configuration. Since both the encrypted data and the key reside on the same machine, it only makes it harder, but in theory not impossible, to get to the data.

Jonas Elfström
+1  A: 

No, you can only make it difficult.

It is better to let the application use a special database login which only has access to the tables/procedures necessary.

adrianm
A: 

There are two ways of doing it:

1) You can use Configuration Secure Section to encrypt and decrypt the connection string from your source code:

    try
    {
        // Open the configuration file and retrieve
        // the connectionStrings section.
        // exeConfigName is the path of the executable whose .config file is edited.
        Configuration config = ConfigurationManager.
            OpenExeConfiguration(exeConfigName);

        ConnectionStringsSection section =
            config.GetSection("connectionStrings")
            as ConnectionStringsSection;

        if (section.SectionInformation.IsProtected)
        {
            // Remove encryption.
            section.SectionInformation.UnprotectSection();
        }
        else
        {
            // Encrypt the section.
            section.SectionInformation.ProtectSection(
                "DataProtectionConfigurationProvider");
        }
        // Save the current configuration.
        config.Save();

        Console.WriteLine("Protected={0}",
            section.SectionInformation.IsProtected);
    }
    catch (Exception ex)
    {
        Console.WriteLine(ex.Message);
    }

2) You can use the Enterprise Library Data Access Application Block to perform the encryption using RSAProtectedConfigurationProvider or DPAPIProtectedConfigurationProvider.

For a full article go to --> http://msdn.microsoft.com/en-us/library/89211k9b(VS.80).aspx

Bhaskar
Thanks, but I don't know how to implement this. I just have a DLL created out of my C# project - no exe and no app.config? Also, this DLL has to be used on different computers and users!
Tobi
One way is to create an XML file and store your settings in that. Then you can keep that XML in some specific location on each of your deployment machines, and then you can read it. One of the best techniques is to use a custom configuration manager, i.e. a different class library which manages your configuration items, and your main DLL would reference that, or you could use the Configuration Block present in Enterprise Library.
Bhaskar
A: 

You can also store the username and password in the registry instead of storing them in the config file. Read the username and password from the registry when trying to connect to the database. Remember that you have to encrypt the username and password when storing them in the registry and decrypt them when retrieving them from the registry.

balram
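
One way to implement the registry approach from the answer above, added here as an example and not code from any of the posters: the connection string is encrypted with Windows DPAPI (ProtectedData), so neither the password nor a key ships inside the DLL. The registry path, value name and entropy string are assumptions made for this example.

```csharp
using System;
using System.Security.Cryptography;   // ProtectedData; reference System.Security.dll
using System.Text;
using Microsoft.Win32;

public static class ProtectedConnectionString
{
    // Hypothetical registry location and value name, chosen for this example.
    private const string KeyPath = @"Software\ExampleCompany\ExampleTool";
    private const string ValueName = "ConnectionString";

    // Optional DPAPI entropy. It is embedded in the DLL, so it is not a secret.
    private static readonly byte[] Entropy =
        Encoding.UTF8.GetBytes("ExampleTool.ConnectionString.v1");

    // Run once per Windows user, e.g. from a setup dialog, never with a
    // connection string that is hard-coded in the assembly.
    public static void Save(string connectionString)
    {
        byte[] plain = Encoding.UTF8.GetBytes(connectionString);
        byte[] blob = ProtectedData.Protect(
            plain, Entropy, DataProtectionScope.CurrentUser);
        Array.Clear(plain, 0, plain.Length);   // do not keep the plaintext bytes around
        using (RegistryKey key = Registry.CurrentUser.CreateSubKey(KeyPath))
        {
            key.SetValue(ValueName, blob, RegistryValueKind.Binary);
        }
    }

    // Called by the DLL at run time. The blob decrypts only for the
    // Windows user account that protected it.
    public static string Load()
    {
        using (RegistryKey key = Registry.CurrentUser.OpenSubKey(KeyPath))
        {
            byte[] blob = key == null ? null : key.GetValue(ValueName) as byte[];
            if (blob == null)
                throw new InvalidOperationException(
                    "No protected connection string stored for this user.");
            // Throws CryptographicException if the blob was created by a
            // different account or has been tampered with.
            byte[] plain = ProtectedData.Unprotect(
                blob, Entropy, DataProtectionScope.CurrentUser);
            return Encoding.UTF8.GetString(plain);
        }
    }
}
```

Any code running as the same Windows user can call Unprotect on the stored value, so this keeps the password out of the disassembled DLL but not away from the user who runs it. The database login in the connection string should therefore be one that only has access to the tables and procedures the tool needs.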