I'm using Visual Studio 2008 Pro to create a VB Winform App. I have some custom configuration settings as well as an MS SQL connection string in my app.config file.

  1. What is the best method to ensure that no one can read these settings in the app.config?
  2. Are there any other areas that would have the connection string in plain text that I might want to consider securing as well?

Thank you!

+5  A: 

One method to protect your app.config is to encrypt it from prying eyes. Check out this article on Encrypting Passwords in a .NET app.config File or this one on Encrypting the app.config File for Windows Forms Applications.

In response to part two of your question: memory! Unencrypted data can hang around in unprotected memory until the Garbage Collector picks it up. So for that reason you'll want to look at using the SecureString class whenever you deal with passwords, connection strings and the like. The first article touches on this point.

Gavin Miller
Yep, that's the technique I use too. I have some more links in a question I answered previously: http://stackoverflow.com/questions/1075245/encrypting-web-config/1075312#1075312
RichardOD
Thank you for your assistance... That points me in the right direction. In addition, the info on the SecureString class will be a great help as well. Thanks again!
dc
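
As an added illustration of the app.config encryption discussed in the answer above (not code from the original posts or the linked articles): a VB module that encrypts a configuration section in place using the framework's built-in `DataProtectionConfigurationProvider`. The module name, function names and the connection string name `AppDb` are hypothetical.

```vb
Imports System.Configuration   ' requires a project reference to System.Configuration.dll

Module ConfigProtection
    ' DPAPI-backed provider that ships with .NET 2.0 and later.
    Private Const DpapiProvider As String = "DataProtectionConfigurationProvider"

    ' Encrypts one section of <app>.exe.config in place, if it is not already encrypted.
    ' Returns True when the file was changed, False when it was already protected.
    Public Function EnsureSectionProtected(ByVal sectionName As String) As Boolean
        Dim config As Configuration = _
            ConfigurationManager.OpenExeConfiguration(ConfigurationUserLevel.None)
        Dim section As ConfigurationSection = config.GetSection(sectionName)

        If section Is Nothing Then
            Throw New ConfigurationErrorsException("Section not found: " & sectionName)
        End If
        If section.SectionInformation.IsProtected Then
            Return False
        End If

        section.SectionInformation.ProtectSection(DpapiProvider)
        section.SectionInformation.ForceSave = True
        config.Save(ConfigurationSaveMode.Modified)   ' needs write access to the .exe.config
        ConfigurationManager.RefreshSection(sectionName)
        Return True
    End Function

    ' Reads are unchanged: the configuration system decrypts the section transparently.
    ' "AppDb" is a hypothetical connection string name.
    Public Function GetConnectionString() As String
        Dim entry As ConnectionStringSettings = ConfigurationManager.ConnectionStrings("AppDb")
        If entry Is Nothing Then
            Throw New ConfigurationErrorsException("Connection string 'AppDb' is missing.")
        End If
        Return entry.ConnectionString
    End Function
End Module
```

Call `EnsureSectionProtected("connectionStrings")` (and, if used, `"appSettings"`) on the target machine, for example at first start, because this provider's keys are tied by default to the machine where the encryption runs. That keeps the deployed `.exe.config` unreadable when opened or copied elsewhere, but code running on the same machine can still decrypt it.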
+1  A: 

Check this article out

http://guy.dotnet-expertise.com/PermaLink,guid,b3850894-3a8e-4b0a-aa52-5fa1d1216377.aspx

Edit

It may not be as easy as everyone else is saying. I'm not sure if things have changed, but this article outlines challenges actually faced by someone trying this, and the final solution, which worked.

David Stratton
Thanks for the link. Reading that article seems to make me think that there really is no good way (still) to secure an app.
dc
A: 

There's a post explaining how to encrypt settings in app.config file.

Darin Dimitrov
Thank you for the link... I always like code examples. I never seem to get it right by just reading about it.
dc