Hi All,
I have successfully implemented SUBSONIC DAL in my desktop application. it was superb experience. but subsonic reads database password from app.config file. as app.config deploy with application on client side, therefore its a big security threat.
It would be helpful if i can read database password from a variable instead of app.config.
Thanks in advance,
Regards.
The short answer to this is probably not going to happen because it would mean that either you need to add all the source files to your current project and change the way subsonic loads the connection string.
If you are worried about passwords being deployed to the client then it might be a better idea to use integrated security which works brilliantly.
Also you did not specify which version you are using , since modifying v3 is a little easier in my opinion
The easiest and best way to protect connection string data is to encrypt the connection string section of the app.config
Read here http://msdn.microsoft.com/en-us/library/system.configuration.rsaprotectedconfigurationprovider.aspx