We help IT Professionals succeed at work.

(Discussion)How to secure the password of my database in my connection string?

JackOfPH
JackOfPH asked
on
Medium Priority
281 Views
Last Modified: 2010-04-23
Everybodies comment is welcome... Please don't hesitate to give your Ideas...

How can I secure the password of my database in my connection string?

Here is my connection string...

"'Provider=Microsoft.Jet.OLEDB.4.0;Data Source=|DataDirectory|\Resources\dbRoomReservation.mdb;Persist Security Info=True;Jet OLEDB:Database Password=a"

I am using vb 2005 express...

Thanks in Advance.
{Jack}
Comment
Watch Question

You could encrypt and then store the whole connection string in the registry somewhere, and call it 'on-the-fly' decrypting it on the way...?

http://www.codeproject.com/dotnet/EnterpriseConectionString.asp

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts

Author

Commented:
Thanks for the input...

The method used above is nice especially if you are using sql server...

Author

Commented:
Is there any more Ideas?
I am looking for any different ways in securing connection strings.
So, your comments are still welcome...

{Jack}
I encrypt and decrypt querystring variables in ASP.NET applications when the values hold sensitive information or information I don't want easily available.   I use an encrypt and decrypt function and pass the values to these functions whenever I interact with them.  You could do the same with your connection string password:


Public Class clsSecurity

    Private key() As Byte = {}
    Private IV() As Byte = {&H12, &H34, &H56, &H78, &H90, &HAB, &HCD, &HEF}
    Private sEncryptionKey As String = "12345678"  '64 bit key

#Region "Cryptography Section"
    Public Function Decrypt(ByVal stringToDecrypt As String) As String

        If Len(stringToDecrypt) > 0 Then
            Dim inputByteArray(stringToDecrypt.Length) As Byte
            Try
                key = System.Text.Encoding.UTF8.GetBytes(Left(sEncryptionKey, 8))
                Dim des As New DESCryptoServiceProvider
                inputByteArray = Convert.FromBase64String(stringToDecrypt)
                Dim ms As New MemoryStream
                Dim cs As New CryptoStream(ms, des.CreateDecryptor(key, IV), _
                    CryptoStreamMode.Write)
                cs.Write(inputByteArray, 0, inputByteArray.Length)
                cs.FlushFinalBlock()
                Dim encoding As System.Text.Encoding = System.Text.Encoding.UTF8
                Return IsNull(encoding.GetString(ms.ToArray()), "")
            Catch e As Exception
                Return e.Message
            End Try
        Else
            Return 0
        End If
    End Function

    Public Function Encrypt(ByVal stringToEncrypt As String) As String
        Try
            key = System.Text.Encoding.UTF8.GetBytes(Left(sEncryptionKey, 8))
            Dim des As New DESCryptoServiceProvider
            Dim inputByteArray() As Byte = Encoding.UTF8.GetBytes( _
                stringToEncrypt)
            Dim ms As New MemoryStream
            Dim cs As New CryptoStream(ms, des.CreateEncryptor(key, IV), _
                CryptoStreamMode.Write)
            cs.Write(inputByteArray, 0, inputByteArray.Length)
            cs.FlushFinalBlock()
            Return Convert.ToBase64String(ms.ToArray())
        Catch e As Exception
            Return e.Message
        End Try
    End Function
#End Region

End Class



DarrenSenior Software Engineer
CERTIFIED EXPERT
Commented:
Hi,

Well the idea to encrypt the connection string / password is definitely the first step.

Personally I don't like the registry so I don't use it much. I prefer to use an XML file to store the encrypted string. When using .NET you could also just store the encrypted connection string in either an app.config file for a web.config file or even create your own config file.

I usually encrypt the entire connection string as opposed to the just the password but thats just me.

Hope this helped a little.

Darren

Author

Commented:
Thank you very much...

Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.