Solved

(Discussion) How to secure the password of my database in my connection string?

Posted on 2006-10-26
Last Modified: 2010-04-23
Everybody's comments are welcome... Please don't hesitate to give your ideas...

How can I secure the password of my database in my connection string?

Here is my connection string...

"'Provider=Microsoft.Jet.OLEDB.4.0;Data Source=|DataDirectory|\Resources\dbRoomReservation.mdb;Persist Security Info=True;Jet OLEDB:Database Password=a"

I am using VB 2005 Express...

Thanks in Advance.
{Jack}
Question by:JackOfPH
6 Comments
 
LVL 9

Assisted Solution

by:DjDezmond
DjDezmond earned 600 total points
ID: 17809960
You could encrypt and then store the whole connection string in the registry somewhere, and call it 'on-the-fly' decrypting it on the way...?

http://www.codeproject.com/dotnet/EnterpriseConectionString.asp
0
 
LVL 15

Author Comment

by:JackOfPH
ID: 17810141
Thanks for the input...

The method used above is nice, especially if you are using SQL Server...
0
 
LVL 15

Author Comment

by:JackOfPH
ID: 17810149
Are there any more ideas?
I am looking for any different ways of securing connection strings.
So, your comments are still welcome...

{Jack}
0

 
LVL 4

Accepted Solution

by:
escheider earned 800 total points
ID: 17810624
I encrypt and decrypt querystring variables in ASP.NET applications when the values hold sensitive information or information I don't want easily available.   I use an encrypt and decrypt function and pass the values to these functions whenever I interact with them.  You could do the same with your connection string password:


Imports System.IO
Imports System.Security.Cryptography
Imports System.Text

Public Class clsSecurity

    ' The DES key and IV are fixed values compiled into the assembly.
    Private key() As Byte = {}
    Private IV() As Byte = {&H12, &H34, &H56, &H78, &H90, &HAB, &HCD, &HEF}
    Private sEncryptionKey As String = "12345678"  '64 bit key

#Region "Cryptography Section"
    ' Decrypts a Base64 string produced by Encrypt.
    ' Returns an empty string for empty input and the exception message on failure.
    Public Function Decrypt(ByVal stringToDecrypt As String) As String

        If Len(stringToDecrypt) > 0 Then
            Try
                ' DES takes an 8-byte key: the first 8 characters of sEncryptionKey.
                key = System.Text.Encoding.UTF8.GetBytes(Left(sEncryptionKey, 8))
                Dim des As New DESCryptoServiceProvider
                Dim inputByteArray() As Byte = Convert.FromBase64String(stringToDecrypt)
                Dim ms As New MemoryStream
                Dim cs As New CryptoStream(ms, des.CreateDecryptor(key, IV), _
                    CryptoStreamMode.Write)
                cs.Write(inputByteArray, 0, inputByteArray.Length)
                cs.FlushFinalBlock()
                Return System.Text.Encoding.UTF8.GetString(ms.ToArray())
            Catch e As Exception
                Return e.Message
            End Try
        Else
            Return String.Empty
        End If
    End Function

    ' Encrypts a string with DES and returns the ciphertext as Base64.
    ' Returns the exception message on failure.
    Public Function Encrypt(ByVal stringToEncrypt As String) As String
        Try
            key = System.Text.Encoding.UTF8.GetBytes(Left(sEncryptionKey, 8))
            Dim des As New DESCryptoServiceProvider
            Dim inputByteArray() As Byte = Encoding.UTF8.GetBytes( _
                stringToEncrypt)
            Dim ms As New MemoryStream
            Dim cs As New CryptoStream(ms, des.CreateEncryptor(key, IV), _
                CryptoStreamMode.Write)
            cs.Write(inputByteArray, 0, inputByteArray.Length)
            cs.FlushFinalBlock()
            Return Convert.ToBase64String(ms.ToArray())
        Catch e As Exception
            Return e.Message
        End Try
    End Function
#End Region

End Class



0
 
LVL 18

Assisted Solution

by:DarrenD
DarrenD earned 600 total points
ID: 17810660
Hi,

Well the idea to encrypt the connection string / password is definitely the first step.

Personally I don't like the registry so I don't use it much. I prefer to use an XML file to store the encrypted string. When using .NET you could also just store the encrypted connection string in either an app.config file or a web.config file or even create your own config file.

I usually encrypt the entire connection string as opposed to just the password, but that's just me.

Hope this helped a little.

Darren
0
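An alternative to compiling the key into the program, shown as an added example that is not from any poster in this thread: it protects the whole connection string with Windows DPAPI (`ProtectedData`, available from .NET 2.0) and stores the result in a file, so no key or IV ships inside the application. The module name, file name and entropy string are assumptions made for illustration, and the project needs a reference to System.Security.dll.

```vbnet
' Added example, not from the thread. Requires a reference to System.Security.dll.
Imports System.IO
Imports System.Security.Cryptography
Imports System.Text

Public Module ProtectedConnectionString

    ' Hypothetical file name and location; the thread does not specify one.
    Private ReadOnly StorePath As String = _
        Path.Combine(Environment.GetFolderPath( _
            Environment.SpecialFolder.LocalApplicationData), "dbRoomReservation.conn")

    ' Extra entropy ties the blob to this application. It is not a secret key:
    ' the actual key material is managed by Windows for the logged-on user.
    Private ReadOnly Entropy() As Byte = Encoding.UTF8.GetBytes("RoomReservation/conn/v1")

    ' Run once (installer or first-run setup) with the plain connection string.
    Public Sub Save(ByVal connectionString As String)
        Dim plain() As Byte = Encoding.UTF8.GetBytes(connectionString)
        Try
            Dim blob() As Byte = ProtectedData.Protect(plain, Entropy, _
                DataProtectionScope.CurrentUser)
            File.WriteAllText(StorePath, Convert.ToBase64String(blob))
        Finally
            Array.Clear(plain, 0, plain.Length)   ' wipe the plaintext bytes
        End Try
    End Sub

    ' Called at startup. Failures raise an exception instead of returning an
    ' error text, so a failed decryption is never used as a connection string.
    Public Function Load() As String
        Dim blob() As Byte = Convert.FromBase64String(File.ReadAllText(StorePath))
        Dim plain() As Byte = ProtectedData.Unprotect(blob, Entropy, _
            DataProtectionScope.CurrentUser)
        Try
            Return Encoding.UTF8.GetString(plain)
        Finally
            Array.Clear(plain, 0, plain.Length)
        End Try
    End Function

End Module
```

With `DataProtectionScope.CurrentUser` the stored blob can only be decrypted under the same Windows account that saved it; `DataProtectionScope.LocalMachine` would allow any account on that computer to decrypt it.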
 
LVL 15

Author Comment

by:JackOfPH
ID: 17816229
Thank you very much...

0
