Best way to store connection string


I have been developing applications for quite some time now. I am using MySQL as backend and as front end. I have been using My.application.settings to store my connection string. But the problem is that it is visible as normal text to the users and can easily be changed. I would like to know what is the best possible way to store the connection string in a convenient way while keeping security in mind.

I think you will need to encrypt your plaintext in your app.config to make it more secure. But this will mean less comfort if you want to quickly change the connection string (of course).

You can have a look here:

You will not have to worry about accessing the data through your application. Decryption will be done automatically by the application itself when run.

kewlchap_85 (Author) Commented:
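
The approach described in the answer above, as an added example that is not part of the original post: encrypting the `connectionStrings` section of the application's config file in place with the .NET Framework protected-configuration API. It assumes a project that references System.Configuration.dll and a hypothetical connection string named "AppDb".

```vb
Imports System
Imports System.Configuration

Module ProtectConnectionStrings
    ' Provider names that ship with the .NET Framework:
    '   DataProtectionConfigurationProvider - DPAPI, key is tied to this machine
    '   RsaProtectedConfigurationProvider   - RSA key container, which can be
    '                                         exported and imported elsewhere
    Private Const Provider As String = "DataProtectionConfigurationProvider"

    ' Encrypts <connectionStrings> in <exe>.config in place.
    ' Returns True if the section was changed, False if already protected.
    Public Function Protect() As Boolean
        Dim config As Configuration = ConfigurationManager.OpenExeConfiguration(ConfigurationUserLevel.None)
        Dim section As ConfigurationSection = config.GetSection("connectionStrings")
        If section Is Nothing Then
            Throw New ConfigurationErrorsException("No connectionStrings section found.")
        End If
        If section.SectionInformation.IsProtected Then Return False

        section.SectionInformation.ProtectSection(Provider)
        section.SectionInformation.ForceSave = True
        config.Save(ConfigurationSaveMode.Modified)
        ' Drop the cached copy so the next read comes from the encrypted file.
        ConfigurationManager.RefreshSection("connectionStrings")
        Return True
    End Function

    ' Reading needs no extra code: the configuration system decrypts on access.
    ' "AppDb" is a hypothetical name used for this example.
    Public Function ReadConnectionString() As String
        Dim entry As ConnectionStringSettings = ConfigurationManager.ConnectionStrings("AppDb")
        If entry Is Nothing Then
            Throw New ConfigurationErrorsException("Connection string 'AppDb' is missing.")
        End If
        Return entry.ConnectionString
    End Function

    Sub Main()
        Console.WriteLine(If(Protect(), "Section encrypted.", "Already encrypted."))
        ' Show that the round trip works without echoing the secret itself.
        Console.WriteLine("Read back {0} characters.", ReadConnectionString().Length)
    End Sub
End Module
```

With the DPAPI provider the encrypted file can only be read on the machine that encrypted it, so the protection step has to run on each target machine (for example at first start or from the installer).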
Hi Pryrates,

Thank you for your prompt response. But as mentioned in the replies of the post, this will only work for the same machine deployment and not in multi-deployment scenario.

Please help.
Alfred A. Commented:

I suggest using the registry in .NET if you really want it hidden from normal users.

See the article below for reference:

Also, I am not sure how you do your multi-deployment scenario but using Click-Once deployment should distribute any changes you do to your application.

Or, if you are talking about multiple deployment of an application in one machine, you can still use an app.config and encrypt it as mentioned by "Pryrates" in his previous response.

Can you provide more information regarding your multi-deployment scenario?

You could implement encoding / decoding on your own so you can store encrypted strings in the app config and decrypt them on your own, so you are no longer bound to machine-unique information to decrypt them.
Of course that will be less secure, but if your goal is more to prevent anyone from changing the settings easily than to build the most secure and robust application in the world, that would fit your needs.

Have you heard of DBfactory?
I recommend you use that class to code your applications,
because it stores your connection string in the application settings, and it will be completely hidden from the user.
Or you can simply use a data set to connect to the database; it will also hide your connection string from the user.

Use the following class to encrypt and decrypt the connection string.

Use the class this way

Dim Enc as New TripleDES
Dim Encrypted As Byte() = Enc.Encrypt("Plain Text")
Dim Decrypted As String = Enc.Decrypt(Encrypted)

Imports System
Imports System.IO
Imports System.Text
Imports System.Security.Cryptography
Public Class TripleDES
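    ' Key (24 bytes) and IV (8 bytes) are compiled into the assembly, so every
    ' copy of the program uses the same values.
    Private key() As Byte = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24}
    Private iv() As Byte = {65, 110, 68, 26, 69, 178, 200, 219}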
    Public Function Encrypt(ByVal plainText As String) As Byte()
        ' Declare a UTF8Encoding object so we may use the GetByte
        ' method to transform the plainText into a Byte array.
        Dim utf8encoder As UTF8Encoding = New UTF8Encoding()
        Dim inputInBytes() As Byte = utf8encoder.GetBytes(plainText)
        ' Create a new TripleDES service provider
        Dim tdesProvider As TripleDESCryptoServiceProvider = New TripleDESCryptoServiceProvider()
        ' The ICryptTransform interface uses the TripleDES
        ' crypt provider along with encryption key and init vector
        ' information
        Dim cryptoTransform As ICryptoTransform = tdesProvider.CreateEncryptor(Me.key, Me.iv)
        ' All cryptographic functions need a stream to output the
        ' encrypted information. Here we declare a memory stream
        ' for this purpose.
        Dim encryptedStream As MemoryStream = New MemoryStream()
        Dim cryptStream As CryptoStream = New CryptoStream(encryptedStream, cryptoTransform, CryptoStreamMode.Write)
        ' Write the encrypted information to the stream. FlushFinalBlock
        ' writes the last padded block; without it the output is truncated.
        cryptStream.Write(inputInBytes, 0, inputInBytes.Length)
        cryptStream.FlushFinalBlock()
        encryptedStream.Position = 0
        ' Read the stream back into a Byte array and return it to the calling
        ' method.
        Dim result(CInt(encryptedStream.Length) - 1) As Byte
        encryptedStream.Read(result, 0, result.Length)
        'Dim myutf As UTF8Encoding = New UTF8Encoding()
        'Return myutf.GetString(result)
        Return result
    End Function
    Public Function Decrypt(ByVal inputInBytes() As Byte) As String
        ' UTFEncoding is used to transform the decrypted Byte Array
        ' information back into a string.
        Dim myutf As UTF8Encoding = New UTF8Encoding()
        'Dim inputInBytes() As Byte = myutf.GetBytes(input)
        Dim utf8encoder As UTF8Encoding = New UTF8Encoding()
        Dim tdesProvider As TripleDESCryptoServiceProvider = New TripleDESCryptoServiceProvider()
        ' As before we must provide the encryption/decryption key along with
        ' the init vector.
        Dim cryptoTransform As ICryptoTransform = tdesProvider.CreateDecryptor(Me.key, Me.iv)
        ' Provide a memory stream to decrypt information into
        Dim decryptedStream As MemoryStream = New MemoryStream()
        Dim cryptStream As CryptoStream = New CryptoStream(decryptedStream, cryptoTransform, CryptoStreamMode.Write)
        cryptStream.Write(inputInBytes, 0, inputInBytes.Length)
        ' FlushFinalBlock processes the last block and strips the padding.
        cryptStream.FlushFinalBlock()
        decryptedStream.Position = 0
        ' Read the memory stream and convert it back into a string
        Dim result(CInt(decryptedStream.Length) - 1) As Byte
        decryptedStream.Read(result, 0, result.Length)
        Return myutf.GetString(result)
    End Function
End Class
Public NotInheritable Class Encryption
    Private TripleDes As New TripleDESCryptoServiceProvider
    Private svKey As String = "justsomewordstobeusedasacryptionkey"
    Sub New(ByVal key As String)
        ' Initialize the crypto provider.
        TripleDes.Key = TruncateHash(key, TripleDes.KeySize \ 8)
        TripleDes.IV = TruncateHash("", TripleDes.BlockSize \ 8)
    End Sub
    Sub New()
        TripleDes.Key = TruncateHash(svKey, TripleDes.KeySize \ 8)
        TripleDes.IV = TruncateHash("", TripleDes.BlockSize \ 8)
    End Sub
    Private Function TruncateHash(ByVal key As String, ByVal length As Integer) As Byte()
        Dim sha1 As New SHA1CryptoServiceProvider
        ' Hash the key.
        Dim keyBytes() As Byte = System.Text.Encoding.Unicode.GetBytes(key)
        Dim hash() As Byte = sha1.ComputeHash(keyBytes)
        ' Truncate or pad the hash.
        ReDim Preserve hash(length - 1)
        Return hash
    End Function
    Public Function EncryptData(ByVal plaintext As String) As String
        ' Convert the plaintext string to a byte array.
        Dim plaintextBytes() As Byte = System.Text.Encoding.Unicode.GetBytes(plaintext)
        ' Create the stream.
        Dim ms As New System.IO.MemoryStream
        ' Create the encoder to write to the stream.
        Dim encStream As New CryptoStream(ms, TripleDes.CreateEncryptor(), System.Security.Cryptography.CryptoStreamMode.Write)
        ' Use the crypto stream to write the byte array to the stream.
        encStream.Write(plaintextBytes, 0, plaintextBytes.Length)
        ' Write the final padded block before reading the result.
        encStream.FlushFinalBlock()
        ' Convert the encrypted stream to a printable string.
        Return Convert.ToBase64String(ms.ToArray)
    End Function
    Public Function DecryptData(ByVal encryptedtext As String) As String
        ' Convert the encrypted text string to a byte array.
        Dim encryptedBytes() As Byte = Convert.FromBase64String(encryptedtext)
        ' Create the stream.
        Dim ms As New System.IO.MemoryStream
        ' Create the decoder to write to the stream.
        Dim decStream As New CryptoStream(ms, TripleDes.CreateDecryptor(), System.Security.Cryptography.CryptoStreamMode.Write)
        ' Use the crypto stream to write the byte array to the stream.
        decStream.Write(encryptedBytes, 0, encryptedBytes.Length)
        ' Process the final block and remove the padding before reading.
        decStream.FlushFinalBlock()
        ' Convert the plaintext stream to a string.
        Return System.Text.Encoding.Unicode.GetString(ms.ToArray)
    End Function
End Class
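
An added example, not code from the original posts: both classes above use a key compiled into the program and a fixed IV, so equal inputs always produce equal outputs and stored values can be altered without detection. This variant uses AES with a random IV per value and an HMAC-SHA256 tag; it assumes the caller supplies two 32-byte keys kept outside the binary, and the class and method names are hypothetical.

```vb
Imports System
Imports System.Linq
Imports System.Security.Cryptography
Imports System.Text

Public NotInheritable Class SealedString
    ' Output layout: IV (16 bytes) || ciphertext || HMAC-SHA256 tag (32 bytes)
    Private Const IvLen As Integer = 16
    Private Const TagLen As Integer = 32

    Public Shared Function Seal(plainText As String, encKey As Byte(), macKey As Byte()) As Byte()
        Using cipher As Aes = Aes.Create()
            cipher.Key = encKey
            cipher.GenerateIV() ' fresh random IV for every value
            Dim body As Byte()
            Using enc As ICryptoTransform = cipher.CreateEncryptor()
                Dim data As Byte() = Encoding.UTF8.GetBytes(plainText)
                body = cipher.IV.Concat(enc.TransformFinalBlock(data, 0, data.Length)).ToArray()
            End Using
            ' Encrypt-then-MAC: the tag covers the IV and the ciphertext.
            Using mac As New HMACSHA256(macKey)
                Return body.Concat(mac.ComputeHash(body)).ToArray()
            End Using
        End Using
    End Function

    Public Shared Function Unseal(blob As Byte(), encKey As Byte(), macKey As Byte()) As String
        If blob Is Nothing OrElse blob.Length < IvLen + TagLen Then
            Throw New CryptographicException("Input too short.")
        End If
        Dim body As Byte() = blob.Take(blob.Length - TagLen).ToArray()
        Dim tag As Byte() = blob.Skip(body.Length).ToArray()
        Using mac As New HMACSHA256(macKey)
            Dim expected As Byte() = mac.ComputeHash(body)
            Dim diff As Integer = 0 ' compare every byte, no early exit
            For i As Integer = 0 To TagLen - 1
                diff = diff Or (expected(i) Xor tag(i))
            Next
            If diff <> 0 Then Throw New CryptographicException("Tag mismatch: value was modified.")
        End Using
        Using cipher As Aes = Aes.Create()
            cipher.Key = encKey
            cipher.IV = body.Take(IvLen).ToArray()
            Using dec As ICryptoTransform = cipher.CreateDecryptor()
                Return Encoding.UTF8.GetString(dec.TransformFinalBlock(body, IvLen, body.Length - IvLen))
            End Using
        End Using
    End Function
End Class
```

Store the result with Convert.ToBase64String if it has to go into a settings file.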

There are many ways to store a connection string.
If you know how to use WCF and the dbfactory class, it will help you a lot.
It will store the connection string in the app config file :D