TPBPIT
Encrypting a password used in a MySql Connection string
I have attached some C# code that is used in a .aspx file. As you will see there is a MySql connection string with the password set as password. Obviously that's not the real password, but I need to know if I need to encrypt that password as this page faces the public. I would assume that if a user can get to the page from the public internet then they could harvest the username and password for the SQL database.
How do I avoid this? Do I encrypt the password in the .aspx file? If so, how? If not then what should I be doing?
<%@ Page Language="C#" AutoEventWireup="False" EnableSessionState="False" EnableViewState="False" %>
<%@ Import Namespace="System.Data" %>
<%@ Import Namespace="System.Data.Odbc" %>
<%@ Import Namespace="MySql.Data.MySqlClient" %>
<script runat="server">
private const string ConnStr = "Server=localhost;Database=vcard;uid=root;pwd=password;";
protected override void OnInit(EventArgs e)
{
base.OnInit(e);
string strAttorneyEmail = Request["email"];
MySqlDataReader MySQLReader;
MySql.Data.MySqlClient.MySqlConnection conn;
MySql.Data.MySqlClient.MySqlCommand cmd;
conn = new MySql.Data.MySqlClient.MySqlConnection();
ASKER
I'm not having to pass the password into the current .aspx file. Would the above code work and if so, how do I use it?
Just add another file to be read every time you need to get your password.
ASKER
Lol. Ok, I did stay at a Holiday Inn Express last night, but I'm not a developer, especially not in C#. Someone did the original work for me and disappeared. Any detailed help or explanation you can give would help me greatly because the more complex it gets, the more I suck at coding.
This is how you do it
Dim SqlConnection As New SqlConnection(WebConfigurationManager.ConnectionStrings("ConnectionString").ToString())
Webconfig - safest in the business
<add name="ConnectionString" connectionString="Provider=MySQLProv;Data Source=mydb;User Id=myUsername;Password=myPassword;" />
sorry small mistake in the above code
WebConfig
<connectionStrings>
<add name="BMREConnString" connectionString="Server=;Port=;Database=;Uid=;Pwd=;pooling=false;" providerName="MySql.Data.MySqlClient" />
</connectionStrings>
myConnection = ConfigurationManager.ConnectionStrings["BMREConnString"].ConnectionString
ASKER
Ok, so I add the part under the webconfig to the webconfig. Do I add it anywhere in the webconfig?
Second, what is this clause and where do I use it? myConnection = ConfigurationManager.ConnectionStrings["BMREConnString"].ConnectionString
instead of this
private const string ConnStr = "Server=localhost;Database=vcard;uid=root;pwd=password;";
Use this
private const string ConnStr =ConfigurationManager.ConnectionStrings["BMREConnString"].ConnectionString;
ASKER
Asish,
I made the changes above, but I get the attached error. What am I doing wrong? Obviously it has something to do with the web.config and the connection string, but I'm at a loss.
web.config
web.config-error.JPG
ASKER
Ok, minutes after posting the last message I found what I was doing wrong in the web.config file. There was no opening for the connection string.
Now that I have fixed that, I'm getting the following error when the aspx page is trying to use the connection string. See the attached image. I have also attached the beginning of the code on the aspx page.
<%@ Page Language="C#" AutoEventWireup="False" EnableSessionState="False" EnableViewState="False" %>
<%@ Import Namespace="System.Data" %>
<%@ Import Namespace="System.Data.Odbc" %>
<%@ Import Namespace="MySql.Data.MySqlClient" %>
<script runat="server">
private const string ConnStr =ConfigurationManager.ConnectionStrings["BMREConnString"].ConnectionString;
protected override void OnInit(EventArgs e)
{
base.OnInit(e);
string strAttorneyEmail = Request["email"];
aspx-error.JPG
For more info on connection strings, you can have a look at the URL below:
http://www.connectionstrings.com/mysql
ASKER
I've tried several different connection string lines, but nothing works. I keep getting an error that points to the connection string.
ASKER
I already tried that, with this being the result:
next-error.JPG
Can you post the whole function and copy of webconfig
ASKER
Asish, did you have a chance to look at this?
Sorry mate, I got busy, will give it a look probably today.
ASKER
AsishRaj, I found the problem and was able to fix it. The variable name I was declaring was spelled differently than what I was using. Apparently I deleted a letter.
Thanks for all your help.
public static string xCrypt(string Text)
{
    // Shift each character code by 128: codes below 128 are raised,
    // codes above 128 are lowered, and code 128 itself is left unchanged.
    // No key is involved in this transformation.
    char[] chars = Text.ToCharArray();
    for (int i = 0; i < chars.Length; i++)
    {
        int code = chars[i];
        if (code < 128)
        {
            chars[i] = (char)(code + 128);
        }
        else if (code > 128)
        {
            chars[i] = (char)(code - 128);
        }
    }
    return new string(chars);
}
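An added example, not part of the original thread or any participant's code: one way to read the `BMREConnString` entry discussed above from web.config and to encrypt the `<connectionStrings>` section on disk. The class and method names (`VcardDb`, `LoadConnStr`, `ProtectConnectionStrings`, `OpenConnection`) are hypothetical.

```csharp
using System;
using System.Configuration;
using System.Web.Configuration;
using MySql.Data.MySqlClient;

public static class VcardDb   // hypothetical helper class, not from the thread
{
    // static readonly, not const: the value is only known at run time,
    // and a const initializer must be a compile-time constant.
    private static readonly string ConnStr = LoadConnStr("BMREConnString");

    private static string LoadConnStr(string name)
    {
        // The indexer returns null when no <add name="..."> entry matches,
        // so fail with a clear message instead of a NullReferenceException.
        ConnectionStringSettings entry = ConfigurationManager.ConnectionStrings[name];
        if (entry == null || string.IsNullOrEmpty(entry.ConnectionString))
        {
            throw new ConfigurationErrorsException(
                "Connection string '" + name + "' is missing from web.config.");
        }
        return entry.ConnectionString;
    }

    // Run once after deployment (for example from an administrator-only page)
    // to encrypt the <connectionStrings> section in web.config on disk.
    // ASP.NET decrypts the section transparently when it is read.
    public static void ProtectConnectionStrings()
    {
        Configuration config = WebConfigurationManager.OpenWebConfiguration("~");
        ConfigurationSection section = config.GetSection("connectionStrings");
        if (section != null && !section.SectionInformation.IsProtected)
        {
            section.SectionInformation.ProtectSection("DataProtectionConfigurationProvider");
            config.Save();
        }
    }

    // Callers dispose the returned connection with a using block.
    public static MySqlConnection OpenConnection()
    {
        MySqlConnection conn = new MySqlConnection(ConnStr);
        conn.Open();
        return conn;
    }
}
```

Server-side `<script runat="server">` blocks and web.config are not sent to the browser, so the encryption step here protects against someone reading the file on disk or in a backup rather than against a visitor viewing the page.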