T
Tyson Marchuk
Hello,
Background info
Kind of new to using databases and I'm writing an app in C# which connects
to a MySQL database. I was using the ODBC connector and a DSN entry to
connect to the database but I've since found out that the ODBC connector has
been bugged for some time and you can't send it numeric values (read
floating point values) which basically makes it useless so I'm trying to
switch to the MySQL .NET connector which I believe can handle this case.
Question
Basically I just want to connect to a known database with a known
username/password. I don't want to prompt the user for a name/password
because they don't know this information (and in my opinion they shouldn't).
My concern is that if I put this information in a connection string in code
then it's available in the compiled version of the application so anyone can
lookup the username/password with a hex editor or some-such. I guess I just
want to know what the 'proper' way is to handle connection string data so
that it's relatively safe. I'm not super-paranoid about security because it
won't be run on a generally accesible computer but it just seems stupid to
me to put a password in plaintext in a source file...
Thanks for any help anyone can provide,
-Tyson Marchuk
Background info
Kind of new to using databases and I'm writing an app in C# which connects
to a MySQL database. I was using the ODBC connector and a DSN entry to
connect to the database but I've since found out that the ODBC connector has
been bugged for some time and you can't send it numeric values (read
floating point values) which basically makes it useless so I'm trying to
switch to the MySQL .NET connector which I believe can handle this case.
Question
Basically I just want to connect to a known database with a known
username/password. I don't want to prompt the user for a name/password
because they don't know this information (and in my opinion they shouldn't).
My concern is that if I put this information in a connection string in code
then it's available in the compiled version of the application so anyone can
lookup the username/password with a hex editor or some-such. I guess I just
want to know what the 'proper' way is to handle connection string data so
that it's relatively safe. I'm not super-paranoid about security because it
won't be run on a generally accesible computer but it just seems stupid to
me to put a password in plaintext in a source file...
Thanks for any help anyone can provide,
-Tyson Marchuk
