Solved

SqlConnection - How avoid hard coding password in config file.

Posted on 2008-06-12
4
318 Views
Last Modified: 2009-12-16
I have a windows app, that I have created in VB.net.  This is being deployed to a client's site, so in the properties of the SqlConnection, I am using "map property to a key in the configuration file".  
However, I really dislike that the password (unencrypted) is hard coded in the configuration file.
Is there an alternative to hard coding the password?

I really like the flexibility of defining the database in the config file, but I know my client will not accept seeing their password hard coded.

Any help greatly appreciated.
Regards,
td

HERE IS SAMPLE CONFIG FILE:

<?xml version="1.0" encoding="utf-8"?>
<configuration>
      <appSettings>
            <!--   User application and configured property settings go here.-->
            <!--   Example: <add key="settingName" value="settingValue"/> -->
            <add key="SqlConnection1.ConnectionString" value="workstation id=TOM;packet size=4096;user id=sa;data source=myPC;persist security info=True;initial catalog=myDataBase;password=PWD123" />
      </appSettings>
</configuration>
0
Comment
Question by:down0041
  • 2
  • 2
4 Comments
 
LVL 9

Expert Comment

by:Rob Siklos
ID: 21769447
You could store the password as encrypted text, which only your app knows how to decrypt.
0
 

Author Comment

by:down0041
ID: 21770580
Rob, thank you for your reply.
Sounds like a great solution.  Can you please give me a little more detail.  (ie. how exactly would you do this).  I'm not a complete newbie, but I need some more direction, or an example.

Any help greatly appreciated.
Regards,
td
0
 
LVL 9

Accepted Solution

by:
Rob Siklos earned 500 total points
ID: 21770689
First, give your application a Strong Name.  This will generate a public key pair (you should be able to find links about how to do this).

Then, add a method to your application which will encrypt a given password using the app's public key. (see System.Security.Cryptography.RSACryptoServiceProvider class)

Encrypt the password, and store that as a separate entry in the config file.  Then, when you load the connection string, also load the encrypted password and decrypt it with the app's private key.

Sorry I can't provide any code examples, but that's the basic methodology you should follow.
0
 

Author Comment

by:down0041
ID: 21770789
Rob - Thank you!
td
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Since .Net 2.0, Visual Basic has made it easy to create a splash screen and set it via the "Splash Screen" drop down in the Project Properties.  A splash screen set in this manner is automatically created, displayed and closed by the framework itsel…
Introduction As chip makers focus on adding processor cores over increasing clock speed, developers need to utilize the features of modern CPUs.  One of the ways we can do this is by implementing parallel algorithms in our software.   One recent…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
Although Jacob Bernoulli (1654-1705) has been credited as the creator of "Binomial Distribution Table", Gottfried Leibniz (1646-1716) did his dissertation on the subject in 1666; Leibniz you may recall is the co-inventor of "Calculus" and beat Isaac…

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now