Link to home
Create AccountLog in
Avatar of down0041
down0041

asked on

SqlConnection - How avoid hard coding password in config file.

I have a windows app, that I have created in VB.net.  This is being deployed to a client's site, so in the properties of the SqlConnection, I am using "map property to a key in the configuration file".  
However, I really dislike that the password (unencrypted) is hard coded in the configuration file.
Is there an alternative to hard coding the password?

I really like the flexibility of defining the database in the config file, but I know my client will not accept seeing their password hard coded.

Any help greatly appreciated.
Regards,
td

HERE IS SAMPLE CONFIG FILE:

<?xml version="1.0" encoding="utf-8"?>
<configuration>
      <appSettings>
            <!--   User application and configured property settings go here.-->
            <!--   Example: <add key="settingName" value="settingValue"/> -->
            <add key="SqlConnection1.ConnectionString" value="workstation id=TOM;packet size=4096;user id=sa;data source=myPC;persist security info=True;initial catalog=myDataBase;password=PWD123" />
      </appSettings>
</configuration>
Avatar of Rob Siklos
Rob Siklos
Flag of Canada image

You could store the password as encrypted text, which only your app knows how to decrypt.
Avatar of down0041
down0041

ASKER

Rob, thank you for your reply.
Sounds like a great solution.  Can you please give me a little more detail.  (ie. how exactly would you do this).  I'm not a complete newbie, but I need some more direction, or an example.

Any help greatly appreciated.
Regards,
td
ASKER CERTIFIED SOLUTION
Avatar of Rob Siklos
Rob Siklos
Flag of Canada image

Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
See answer
Rob - Thank you!
td