Config file settings

G

Guest

I use the app.config file to store my SQL Connection String settings (currently using integrated security)

e.g.

<add key="MyDatabase" value="data source=MyPC\Development;initial catalog=MyDatabase;Integrated Security=SSPI;packet size=4096" /

Whilst I will use SQL authentication for some PCs I do not wish for the UID or PWD to be revealed on a live app
How can I use the config file safely to include SQL Authentication without revealing them in the released config file

Thank
Gerr
 
P

Palo Mraz

Whilst I will use SQL authentication for some PCs I do not wish for the
UID or PWD to be revealed on a live app.
How can I use the config file safely to include SQL Authentication without
Click to expand...
revealing them in the released config file ?

Gerry, you might want to checkout this:

http://www.derkeiler.com/Mailing-Lists/securityfocus/focus-ms/2002-01/0066.html

It's about web apps, but I think it might be wise to use the advice
(use integrated SQL Server security) for client apps as well.

Regards,

Palo

PS: Does your client apps connect directly to SQL Server? If yes, you
might want to add a tier or two :)

--
http://dact.lamarvin.com/
AutoComplete component for WinForms applications. Easy to integrate, easier
to use!
http://www.vbinfozine.com/
An ordinary VB developer shares his own successes and failures
 
E

EricJ

you can keep an incrypted value in the config file decrypting it as you read
it in your app, if you yust want to prevent direct reading the easyest is to
add a number to the ascii value of the chars.
i know someone here is working on something to encrypt our own type of
config file, you could try that 2. Its all up to you and how safe do you
want to be.

eric

Gerry said:
I use the app.config file to store my SQL Connection String settings
Click to expand...
(currently using integrated security):
e.g.

<add key="MyDatabase" value="data source=MyPC\Development;initial
Click to expand...
catalog=MyDatabase;Integrated Security=SSPI;packet size=4096" />
Whilst I will use SQL authentication for some PCs I do not wish for the
Click to expand...
UID or PWD to be revealed on a live app.
How can I use the config file safely to include SQL Authentication without
Click to expand...
revealing them in the released config file ?
 
R

Raymond Lewallen

Gerry,

Look at System.Security.Cryptography namespace.
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref/html/
frlrfSystemSecurityCryptography.asp

HTH,

Raymond Lewallen


Gerry said:
I use the app.config file to store my SQL Connection String settings
Click to expand...
(currently using integrated security):
e.g.

<add key="MyDatabase" value="data source=MyPC\Development;initial
Click to expand...
catalog=MyDatabase;Integrated Security=SSPI;packet size=4096" />
Whilst I will use SQL authentication for some PCs I do not wish for the
Click to expand...
UID or PWD to be revealed on a live app.
How can I use the config file safely to include SQL Authentication without
Click to expand...
revealing them in the released config file ?
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

How To :App.Config 3
How to get the primary key back after you done a single line insert? 2
URGENT- Unable to connect to the SQL Server 4
OleDbConnection: ASP vs ASP .Net 2
How to write a config file to connect database ? 1
How to connect to database 6
Programmatically write to app.config file in vb.net code 4
Unexpected behavior using ConstructionEnabled attribute 1

Top