connection string in app.config security problem

G

Guest

Dear all,
if we write the connection string in app.config, then it can be changed
easily after deploying, but the password, and user name will be exposed to
the client and posing a security problem to the sql server, any good advice
to do this
 
C

Claes Bergefall

Encrypting the string would be one solution.
Not storing it in app.config (nor in any other
easy to read location) is another one.

Both would require some kind of admin program
to change it though.

It all depends on what kind of security you need
(and what kind of users you have). Maybe it's enough
to limit write access to the file?

/claes
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

getting the connectionstring from app.config 1
PropertyGrid and app.config 0
VS 2005 publish and app.config encryption problem 2
Where to Store Database Connection String Info for Windows Forms Application 8
Windows Forms security in app.config? 1
accessing connection string in data access layer 2
Modify app.config in VB.NET 16
Multiple App.config files with ClickOnce 4

Top