Best practices for database password
-
I am looking for suggestions of best practices on where/how to store a database password that allows the application to open the database. It is not recommended storing it in the application, especially since .NET can be de-compiled.
-
sn dont permit that the code is dissambled store a password in a exe file is wrong,but if you store the pass crypted, and in exe make an function that decrypt the pass like ASP
If you can get at the IL in a .NET assembly you can most certainly find out where the decrypt function is and use it.
Do you want to know more? WDevs.com - Open Source Code Hosting, Blogs, FTP, Mail and Forums
Upcoming talk: SELECT UserName, Password FROM Users -- Getting unauthorised access to a SQL Server, and how to prevent it.
-
I am looking for suggestions of best practices on where/how to store a database password that allows the application to open the database. It is not recommended storing it in the application, especially since .NET can be de-compiled.
If you are using SQL Server I'd recommend going with a trusted connection - that way the OS does the authentication.
Do you want to know more? WDevs.com - Open Source Code Hosting, Blogs, FTP, Mail and Forums
Upcoming talk: SELECT UserName, Password FROM Users -- Getting unauthorised access to a SQL Server, and how to prevent it.
-
If you are using SQL Server I'd recommend going with a trusted connection - that way the OS does the authentication.
Do you want to know more? WDevs.com - Open Source Code Hosting, Blogs, FTP, Mail and Forums
Upcoming talk: SELECT UserName, Password FROM Users -- Getting unauthorised access to a SQL Server, and how to prevent it.