How can I have a user select a local MS SQL database using vb.net? TIA SAL

Guest

Greets

I have successfully created a sql database and vb.net program locally connecting to my local server.
(I used visual studio 2003)
I would like to send the database along with the compiled vb.net code to the user. The problem is the user's
machine and msde server are going to have different names. How do I change this in my code to have
the user select their sql server and sql database located locally on his/her machine.

PS the user will have msde installed

TIA
 
Richard Myers

You shouldn't be storing the connection in your code. Store it in the config file or registry. If
the data is sensitive be sure and encrypt the string as well.

hth
Richard
 
Cor Ligthert

Richard,

I have seen this on MSDN as well. However I do not understand the last
sentence, can you tell me why?
> You shouldn't be storing the connection in your code. Store it in the
> registry. If the data is sensitive be sure and encrypt the string as
> well.

This implies for me that the registry of a Microsoft Webserver is insecure,
even for people who are not able to decrypt a string.

Cor
 
Richard Myers

Hi Cor,

It's just a general design strategy of reducing the attack surface of an application/security in
depth.

Often times people build these fortresses with really high walls but once you're inside you're free to
roam about the softest of centers. By encrypting the connection string (if it contains the username
and password of SQL logon account rather than integrated security) you create yet another defense
against attack, i.e. bake security into every layer of your application right from the get go. Don't
rely on a single component for all aspects of security.

Just because they can hack a server doesn't mean they can access the registry. But if as
in my previous post you are storing to the config file then they won't need to.

With respect to the registry, you might then say that if the server is breached such that the
attacker could access the registry then they might not even need the registry key to get at the SQL
data. You might be right, but given the simplicity of encryption in dotNet framework I see little
penalty for the encryption of a registry value and as a course of habit, to me it makes sense to do
it.

It's only got to prove its merit once.

Oao
Richard
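
One way to do what the reply above describes, as an added example that is not part of the original thread: the connection string is built from the server and database the user picked, encrypted with Windows DPAPI, and stored in the registry. It assumes .NET Framework 2.0 or later (references to System.Data.dll and System.Security.dll) rather than the Visual Studio 2003 runtime mentioned in the question; the registry path, module and function names are hypothetical.

```vbnet
Imports System
Imports System.Data.SqlClient
Imports System.Security.Cryptography
Imports System.Text
Imports Microsoft.Win32

Module ConnectionSettings
    ' Hypothetical registry location for this example (under HKEY_CURRENT_USER).
    Private Const KeyPath As String = "Software\ExampleApp"
    Private Const ValueName As String = "ConnectionString"
    ' Extra entropy is not a secret; it only ties the encrypted blob to this use.
    Private ReadOnly Entropy As Byte() = Encoding.UTF8.GetBytes("ExampleApp.ConnectionString")

    ' Build the string from what the user selected, encrypt it, then store it.
    Sub SaveConnectionString(ByVal server As String, ByVal database As String, _
                             Optional ByVal user As String = Nothing, Optional ByVal password As String = Nothing)
        Dim b As New SqlConnectionStringBuilder()
        b.DataSource = server
        b.InitialCatalog = database
        If user Is Nothing Then
            b.IntegratedSecurity = True   ' no SQL credentials in the string at all
        Else
            b.UserID = user
            b.Password = password
        End If
        Dim plain As Byte() = Encoding.UTF8.GetBytes(b.ConnectionString)
        Dim blob As Byte() = ProtectedData.Protect(plain, Entropy, DataProtectionScope.CurrentUser)
        Using key As RegistryKey = Registry.CurrentUser.CreateSubKey(KeyPath)
            key.SetValue(ValueName, blob, RegistryValueKind.Binary)
        End Using
    End Sub

    ' Returns Nothing when no value is stored or this user cannot decrypt it.
    Function LoadConnectionString() As String
        Using key As RegistryKey = Registry.CurrentUser.OpenSubKey(KeyPath)
            If key Is Nothing Then Return Nothing
            Dim blob As Byte() = TryCast(key.GetValue(ValueName), Byte())
            If blob Is Nothing Then Return Nothing
            Try
                Return Encoding.UTF8.GetString(ProtectedData.Unprotect(blob, Entropy, DataProtectionScope.CurrentUser))
            Catch ex As CryptographicException
                Return Nothing   ' tampered blob, or written by another user/machine
            End Try
        End Using
    End Function
    Sub Main()
        SaveConnectionString("(local)", "ExampleDb")   ' constructed sample values
        Console.WriteLine(LoadConnectionString())
    End Sub
End Module
```

With `DataProtectionScope.CurrentUser`, only processes running as the same Windows user can decrypt the stored value.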
 
Cor Ligthert

Richard,
> With respect to the registry, you might then say that if the server is
> breached such that the attacker could access the registry then they might
> not even need the registry key to get at the SQL data. You might be right,
> but given the simplicity of encryption in dotNet framework i see little
> penalty for the encryption of a registry value and as a course of habit,
> to me it makes sense to do it.

Exactly that above would have been my next message when you had not written
it, however about the complete context of your message we agree.

(I expressly deleted the config file from your message, I understand that
you saw that)

Cor
 
