protect my database connection string
-
how can i protect my string: provate string conn_string = @"Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" + Application.StartupPath + "/" + "mydatabase.mdb" + ";Jet OLEDB:Database Password=mypassword;"; in this way everyone can get "mypassword" so how can i protect it?
-
how can i protect my string: provate string conn_string = @"Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" + Application.StartupPath + "/" + "mydatabase.mdb" + ";Jet OLEDB:Database Password=mypassword;"; in this way everyone can get "mypassword" so how can i protect it?
-
Not everyone, unless you put that in a publically available file. Then the solution would obviously be not to. From whom do you need to protect it? --- b { font-weight: normal; }
-
how can i protect my string: provate string conn_string = @"Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" + Application.StartupPath + "/" + "mydatabase.mdb" + ";Jet OLEDB:Database Password=mypassword;"; in this way everyone can get "mypassword" so how can i protect it?
You put your connection string in your configuration file and you encrypt it. You of course have to decrypt it to use it. Take a look at Microsoft's Enterprise Library in their "Patterns and Practices" stuff. The Enterprise Library includes "Application Blocks" for Encryption, Configuration, Database Access, Logging, Exceptions, and more I think. It's huge but there's a lot of good stuff in there if you choose to use it. Also, there's a property (sorry I don't remember the name) on the Connection objects that directs it not to store sensitive info. This is only the password in Oracle's ODP.Net but I think SQL Server's Connection is supposed to drop the Id as well. I don't know about OLEDB. Good luck.
-
how can i protect my string: provate string conn_string = @"Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" + Application.StartupPath + "/" + "mydatabase.mdb" + ";Jet OLEDB:Database Password=mypassword;"; in this way everyone can get "mypassword" so how can i protect it?
What we would do is the following: 1) put the connection string in a config file 2) encapsulate getting the string from the config file 3) once you are successful in getting the read from db working in a test configuration, add an encryption module. 4) write a quick and dirty that encrypts any string and shows the result 5) use your encryption technique and encrypt the string 6) replace your connection string with the encrypted data 7) add the decryption in your encapsulated routine and verify you can still access the database 8) now place the encryption/decryption key in the registry and lock it down with security so that only your application has the rights to read it. There are 10 kinds of people in the world.
Those that read binary...
...and those who don't. -
Not everyone, unless you put that in a publically available file. Then the solution would obviously be not to. From whom do you need to protect it? --- b { font-weight: normal; }
This How To shows you how to create a managed class library that exposes DPAPI functionality to applications that want to encrypt data, for example, database connection strings and account credentials. DevIntelligence.com - My blog for .Net Developers
-
What we would do is the following: 1) put the connection string in a config file 2) encapsulate getting the string from the config file 3) once you are successful in getting the read from db working in a test configuration, add an encryption module. 4) write a quick and dirty that encrypts any string and shows the result 5) use your encryption technique and encrypt the string 6) replace your connection string with the encrypted data 7) add the decryption in your encapsulated routine and verify you can still access the database 8) now place the encryption/decryption key in the registry and lock it down with security so that only your application has the rights to read it. There are 10 kinds of people in the world.
Those that read binary...
...and those who don't.