Hiding or Securing Connection String

Christopher Stratmann

I would like to securely hide a connection string from anyone trying to break my C# assembly. I know I cannot just stick my connection string within my C# assembly because the use of Reflection would reveal it. Even through an Obfuscator the connection string can be somewhat hidden but not very securely. Putting the connection string in the app.config file and having Visual Studio automatically encrypt it is still not very secure in my eyes. I was thinking about storing it within a C++ unmanaged dll to prevent the use of reflection but I dont know if that is secure and also how do would I stop someone else from using that C++ unmanaged dll? Has anyone found a good method out there that can be totally secure without using third party software and without using a web server? Chris

Vasudevan Deepak Kumar

Check this out http://www.codeproject.com/aspnet/secure_connectionstrings.asp[^]

Vasudevan Deepak Kumar Personal Homepage
Tech Gossips
Yesterday is a canceled check. Tomorrow is a promissory note. Today is the ready cash. USE IT.

Ennis Ray Lynch Jr

For actual security you would need a password to be entered on application startup allowing you to use the System.Security.Cryptography namespace's cryptography classes.

---

Need a C# Consultant? I'm available.
Happiness in intelligent people is the rarest thing I know. -- Ernest Hemingway