kewlchap_85
asked on
Best way to store connection string
Hi,
I have been developing applications from quite some time now. I am using mysql as backend and vb.net as front end. I have been using My.application. settings to store my connection string. But, the problem is that it is visible as normal text to the users and can easily be changed. I would like to know what is the best possible way to store the connection string in the convenient way and keep the security in mind.
Thanks
I have been developing applications from quite some time now. I am using mysql as backend and vb.net as front end. I have been using My.application. settings to store my connection string. But, the problem is that it is visible as normal text to the users and can easily be changed. I would like to know what is the best possible way to store the connection string in the convenient way and keep the security in mind.
Thanks
ASKER
Hi Pryrates,
Thank you for your prompt response. But as mentioned in the replies of the post, this will only work for the same machine deployment and not in multi-deployment scenario.
Please help.
Thank you for your prompt response. But as mentioned in the replies of the post, this will only work for the same machine deployment and not in multi-deployment scenario.
Please help.
Hi,
I suggest using the registry in .NET if you really want it hidden from normal users.
See the article below for reference:
http://www.codeproject.com/KB/cs/dotnet_registry.aspx
Also, I am not sure how you do your multi-deployment scenario but using Click-Once deployment should distribute any changes you do to your application.
Or, if you are talking about multiple deployment of an application in one machine, you can still use an app.config and encrypt it as mentioned by "Pryrates" in his previous response.
Can you provide more information regarding your multi-deployment scenario?
I suggest using the registry in .NET if you really want it hidden from normal users.
See the article below for reference:
http://www.codeproject.com/KB/cs/dotnet_registry.aspx
Also, I am not sure how you do your multi-deployment scenario but using Click-Once deployment should distribute any changes you do to your application.
Or, if you are talking about multiple deployment of an application in one machine, you can still use an app.config and encrypt it as mentioned by "Pryrates" in his previous response.
Can you provide more information regarding your multi-deployment scenario?
you could implement encoding / decoding on your own so you can store encrypted strings in the app config and decrypt it on your own - so you are no longer bound to machine unique infos to decrypt it.
Of course that will be less secure, but if your goal is more to prevent anyone to change the settings easily than build the most secure and robust application in the world that would fit your needs.
Of course that will be less secure, but if your goal is more to prevent anyone to change the settings easily than build the most secure and robust application in the world that would fit your needs.
have you heard of DBfactory?
i recommend you to use that class to code your applications
because it store your connection string in the application settings. and it will be completely from user
or simply you can use data set to connect to database, it will also hide your connection string from user
i recommend you to use that class to code your applications
because it store your connection string in the application settings. and it will be completely from user
or simply you can use data set to connect to database, it will also hide your connection string from user
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
there are many ways to store connection String,
if you know how to use WCF and dbfactory class, it will help you a lot
it will store the connection string in the app config file :D
if you know how to use WCF and dbfactory class, it will help you a lot
it will store the connection string in the app config file :D
You can have a look here:
http://www.nickfessel.com/index.php?post=13
You will not have to worry about accessing the date through your application. Decryption will be done automatically by the application itself when run.