[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now

x
?
Solved

(Discussion)How to secure the password of my database in my connection string?

Posted on 2006-10-26
6
Medium Priority
?
268 Views
Last Modified: 2010-04-23
Everybodies comment is welcome... Please don't hesitate to give your Ideas...

How can I secure the password of my database in my connection string?

Here is my connection string...

"'Provider=Microsoft.Jet.OLEDB.4.0;Data Source=|DataDirectory|\Resources\dbRoomReservation.mdb;Persist Security Info=True;Jet OLEDB:Database Password=a"

I am using vb 2005 express...

Thanks in Advance.
{Jack}
0
Comment
Question by:JackOfPH
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 9

Assisted Solution

by:DjDezmond
DjDezmond earned 600 total points
ID: 17809960
You could encrypt and then store the whole connection string in the registry somewhere, and call it 'on-the-fly' decrypting it on the way...?

http://www.codeproject.com/dotnet/EnterpriseConectionString.asp
0
 
LVL 15

Author Comment

by:JackOfPH
ID: 17810141
Thanks for the input...

The method used above is nice especially if you are using sql server...
0
 
LVL 15

Author Comment

by:JackOfPH
ID: 17810149
Is there any more Ideas?
I am looking for any different ways in securing connection strings.
So, your comments are still welcome...

{Jack}
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
LVL 4

Accepted Solution

by:
escheider earned 800 total points
ID: 17810624
I encrypt and decrypt querystring variables in ASP.NET applications when the values hold sensitive information or information I don't want easily available.   I use an encrypt and decrypt function and pass the values to these functions whenever I interact with them.  You could do the same with your connection string password:


Public Class clsSecurity

    Private key() As Byte = {}
    Private IV() As Byte = {&H12, &H34, &H56, &H78, &H90, &HAB, &HCD, &HEF}
    Private sEncryptionKey As String = "12345678"  '64 bit key

#Region "Cryptography Section"
    Public Function Decrypt(ByVal stringToDecrypt As String) As String

        If Len(stringToDecrypt) > 0 Then
            Dim inputByteArray(stringToDecrypt.Length) As Byte
            Try
                key = System.Text.Encoding.UTF8.GetBytes(Left(sEncryptionKey, 8))
                Dim des As New DESCryptoServiceProvider
                inputByteArray = Convert.FromBase64String(stringToDecrypt)
                Dim ms As New MemoryStream
                Dim cs As New CryptoStream(ms, des.CreateDecryptor(key, IV), _
                    CryptoStreamMode.Write)
                cs.Write(inputByteArray, 0, inputByteArray.Length)
                cs.FlushFinalBlock()
                Dim encoding As System.Text.Encoding = System.Text.Encoding.UTF8
                Return IsNull(encoding.GetString(ms.ToArray()), "")
            Catch e As Exception
                Return e.Message
            End Try
        Else
            Return 0
        End If
    End Function

    Public Function Encrypt(ByVal stringToEncrypt As String) As String
        Try
            key = System.Text.Encoding.UTF8.GetBytes(Left(sEncryptionKey, 8))
            Dim des As New DESCryptoServiceProvider
            Dim inputByteArray() As Byte = Encoding.UTF8.GetBytes( _
                stringToEncrypt)
            Dim ms As New MemoryStream
            Dim cs As New CryptoStream(ms, des.CreateEncryptor(key, IV), _
                CryptoStreamMode.Write)
            cs.Write(inputByteArray, 0, inputByteArray.Length)
            cs.FlushFinalBlock()
            Return Convert.ToBase64String(ms.ToArray())
        Catch e As Exception
            Return e.Message
        End Try
    End Function
#End Region

End Class



0
 
LVL 18

Assisted Solution

by:DarrenD
DarrenD earned 600 total points
ID: 17810660
Hi,

Well the idea to encrypt the connection string / password is definitely the first step.

Personally I don't like the registry so I don't use it much. I prefer to use an XML file to store the encrypted string. When using .NET you could also just store the encrypted connection string in either an app.config file for a web.config file or even create your own config file.

I usually encrypt the entire connection string as opposed to the just the password but thats just me.

Hope this helped a little.

Darren
0
 
LVL 15

Author Comment

by:JackOfPH
ID: 17816229
Thank you very much...

0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Creating an analog clock UserControl seems fairly straight forward.  It is, after all, essentially just a circle with several lines in it!  Two common approaches for rendering an analog clock typically involve either manually calculating points with…
It was really hard time for me to get the understanding of Delegates in C#. I went through many websites and articles but I found them very clumsy. After going through those sites, I noted down the points in a easy way so here I am sharing that unde…
This course is ideal for IT System Administrators working with VMware vSphere and its associated products in their company infrastructure. This course teaches you how to install and maintain this virtualization technology to store data, prevent vuln…
This tutorial will teach you the special effect of super speed similar to the fictional character Wally West aka "The Flash" After Shake : http://www.videocopilot.net/presets/after_shake/ All lightning effects with instructions : http://www.mediaf…

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question