Go Premium for a chance to win a PS4. Enter to Win



Posted on 2006-11-23
Medium Priority
Last Modified: 2010-04-23
There is a connection string stored in My.Settings but it only has read access to the SQL Server. It will be used just to validate the username and password entered by the operator to those stored in the DB. If validated, a new set of username and password is sent back to the user (but it is not encrypted, and I need to learn some encryption too.) Now a new connection string is created on the fly, using this new username and password. With this new connection string, the program has write access over the database.

I have that design in mind, since I don't want the username and password to be found by reverse engineering the executable. Is the above a good idea, or is it not?
Question by:huji
  • 3
  • 2
  • 2
LVL 15

Expert Comment

ID: 18004962
so the username and password will be hardcoded into your application?

if so, why not just encrypt the connectionstring and put the encrypted version of the string into your application,then decrypt it at runtime before making the connection? this way decompiling your app will only reveal the encrypted string.
LVL 14

Author Comment

ID: 18006145
The first username and password (which has READ permission) is hardcoded. From the second connectionstring, only the database IP and catalog name are hardcoded, the rest (new username and password) comes from the SQL Server at runtime.
Your idea of encrypting these strings and decrypting them at runtime is appropriate. What encryption method do you suggest?
LVL 15

Accepted Solution

Solar_Flare earned 375 total points
ID: 18006152
you can use the system.security.cryptography classes.

this page http://www.codeproject.com/dotnet/SimpleEncryption.asp should help gut you started with some encryption :)
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

LVL 14

Author Comment

ID: 18006552
Well, I meant, should I use those basic methods, or should I use a different method which is not so well known? Does using known methods give a chance of reverse engineering them? (I know I'm doing an overkill, but I'm learning things.)
LVL 14

Author Comment

ID: 18020728
OK. Now, is the idea of transfering a second username and password over the network a good idea, or not?
LVL 15

Assisted Solution

JackOfPH earned 375 total points
ID: 18026156
It would be safe when you transffer the username and the password over the network if it is encrypted. But still there is a tendency that the transfer can be captured by other programs.

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you're writing a .NET application to connect to an Access .mdb database and use pre-existing queries that require parameters, you've come to the right place! Let's say the pre-existing query(qryCust) in Access takes a Date as a parameter and l…
Creating an analog clock UserControl seems fairly straight forward.  It is, after all, essentially just a circle with several lines in it!  Two common approaches for rendering an analog clock typically involve either manually calculating points with…
This Micro Tutorial will teach you how to add a cinematic look to any film or video out there. There are very few simple steps that you will follow to do so. This will be demonstrated using Adobe Premiere Pro CS6.
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…
Suggested Courses

916 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question