Posted on 2006-11-23
Last Modified: 2010-04-23
There is a connection string stored in My.Settings but it only has read access to the SQL Server. It will be used just to validate the username and password entered by the operator to those stored in the DB. If validated, a new set of username and password is sent back to the user (but it is not encrypted, and I need to learn some encryption too.) Now a new connection string is created on the fly, using this new username and password. With this new connection string, the program has write access over the database.

I have that design in mind, since I don't want the username and password to be found by reverse engineering the executable. Is the above a good idea, or is it not?
Question by:huji
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
LVL 15

Expert Comment

ID: 18004962
so the username and password will be hardcoded into your application?

if so, why not just encrypt the connectionstring and put the encrypted version of the string into your application,then decrypt it at runtime before making the connection? this way decompiling your app will only reveal the encrypted string.
LVL 14

Author Comment

ID: 18006145
The first username and password (which has READ permission) is hardcoded. From the second connectionstring, only the database IP and catalog name are hardcoded, the rest (new username and password) comes from the SQL Server at runtime.
Your idea of encrypting these strings and decrypting them at runtime is appropriate. What encryption method do you suggest?
LVL 15

Accepted Solution

Solar_Flare earned 125 total points
ID: 18006152
you can use the classes.

this page should help gut you started with some encryption :)
Online Training Solution

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action. Forget about retraining and skyrocket knowledge retention rates.

LVL 14

Author Comment

ID: 18006552
Well, I meant, should I use those basic methods, or should I use a different method which is not so well known? Does using known methods give a chance of reverse engineering them? (I know I'm doing an overkill, but I'm learning things.)
LVL 14

Author Comment

ID: 18020728
OK. Now, is the idea of transfering a second username and password over the network a good idea, or not?
LVL 15

Assisted Solution

JackOfPH earned 125 total points
ID: 18026156
It would be safe when you transffer the username and the password over the network if it is encrypted. But still there is a tendency that the transfer can be captured by other programs.

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Article by: jpaulino
XML Literals are a great way to handle XML files and the community doesn’t use it as much as it should.  An XML Literal is like a String ( Literal, only instead of starting and ending with w…
Since .Net 2.0, Visual Basic has made it easy to create a splash screen and set it via the "Splash Screen" drop down in the Project Properties.  A splash screen set in this manner is automatically created, displayed and closed by the framework itsel…
Add bar graphs to Access queries using Unicode block characters. Graphs appear on every record in the color you want. Give life to numbers. Hopes this gives you ideas on visualizing your data in new ways ~ Create a calculated field in a query: …
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question