protecting login information

  • Thread starter Thread starter Bob
  • Start date Start date
B

Bob

Right now in order to protect SQL Server login information I have it
hard-coded into my application. I don't exactly like that, but I can't
figure out a way to store it elsewhere since the application itself has to
go find it, with the users credentials. So I was thinking about creating a
little utility to cypher the login and password and store it in a plain text
file; the app would be able to decrypt it and use it but users wouldn't be
able to decode it at all. Is this a good way to protect login info? I don't
want to reinvent the wheel, so I ask here.

TIA,
Bob
 
Right now in order to protect SQL Server login information I have it
hard-coded into my application. I don't exactly like that, but I can't
figure out a way to store it elsewhere since the application itself has to
go find it, with the users credentials. So I was thinking about creating a
little utility to cypher the login and password and store it in a plain
text
file; the app would be able to decrypt it and use it but users wouldn't be
able to decode it at all. Is this a good way to protect login info? I
don't
want to reinvent the wheel, so I ask here.

Sure, you could do that. For example, America Online Instant Messenger
stores passwords for auto-login in the registry as a cyphered string.

You could also store your cypher as a key in your App.config file next to
your connection string key and use
System.Configuration.ConfigurationSettings.AppSettings to get the password
cypher, uncypher it and append it to your connection string at runtime.

If you can use Windows Authentication with your SQL Server, I think that's a
lot better, because then you don't have to worry about it.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Back
Top