Best way to store connection string

Hi,

I have been developing applications for quite some time now. I am using MySQL as the back end and VB.NET as the front end. I have been using My.application.settings to store my connection string. But the problem is that it is visible as normal text to the users and can easily be changed. I would like to know the best possible way to store the connection string in a convenient way while keeping security in mind.

Thanks
kewlchap_85 Asked:
 
Pryrates Commented:
I think you will need to encrypt your plaintext in your app.config to make it more secure. But this will mean less comfort if you want to quickly change the connection string (of course).

You can have a look here:
http://www.nickfessel.com/index.php?post=13

You will not have to worry about accessing the data through your application. Decryption will be done automatically by the application itself when run.
0
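
The app.config encryption suggested above, as an added example that is not part of the original post or the linked article: it uses the .NET Framework protected-configuration API and assumes the connection string sits in the connectionStrings section of app.config. The module and function names are illustrative assumptions.

```vb
Imports System.Configuration   ' needs a reference to System.Configuration.dll

Public Module ConfigProtector
    ' Built-in .NET Framework provider names. The DPAPI provider ties the
    ' ciphertext to one machine; the RSA provider uses a key container
    ' that can be exported and imported on other machines.
    Public Const DpapiProvider As String = "DataProtectionConfigurationProvider"
    Public Const RsaProvider As String = "RsaProtectedConfigurationProvider"

    ' Encrypts the connectionStrings section of <exePath>.config in place.
    ' Returns True if this call encrypted the section,
    ' False if it was already protected.
    Public Function ProtectConnectionStrings(ByVal exePath As String, ByVal providerName As String) As Boolean
        Dim config As Configuration = ConfigurationManager.OpenExeConfiguration(exePath)
        Dim section As ConfigurationSection = config.GetSection("connectionStrings")
        If section Is Nothing Then
            Throw New ConfigurationErrorsException("No connectionStrings section found.")
        End If
        If section.SectionInformation.IsProtected Then Return False

        section.SectionInformation.ProtectSection(providerName)
        section.SectionInformation.ForceSave = True
        config.Save(ConfigurationSaveMode.Modified)
        Return True
    End Function

    ' Reading needs no extra code: the configuration system decrypts
    ' the section transparently when the application asks for it.
    Public Function ReadConnectionString(ByVal name As String) As String
        Dim entry As ConnectionStringSettings = ConfigurationManager.ConnectionStrings(name)
        If entry Is Nothing Then
            Throw New ConfigurationErrorsException("Connection string '" & name & "' not found.")
        End If
        Return entry.ConnectionString
    End Function
End Module
```

With the DPAPI provider the encrypted section can only be read on the machine that protected it, so protection has to run on each target machine; the RSA provider works across machines only when the same key container is imported on each of them.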
 
kewlchap_85 Author Commented:
Hi Pryrates,

Thank you for your prompt response. But as mentioned in the replies to the post, this will only work for a same-machine deployment and not in a multi-deployment scenario.

Please help.
0
 
Alfred A. Commented:
Hi,

I suggest using the registry in .NET if you really want it hidden from normal users.

See the article below for reference:

http://www.codeproject.com/KB/cs/dotnet_registry.aspx

Also, I am not sure how you do your multi-deployment scenario but using Click-Once deployment should distribute any changes you do to your application.

Or, if you are talking about multiple deployment of an application in one machine, you can still use an app.config and encrypt it as mentioned by "Pryrates" in his previous response.

Can you provide more information regarding your multi-deployment scenario?

0
 
Pryrates Commented:
You could implement encoding/decoding on your own, so you can store encrypted strings in the app config and decrypt them yourself. That way you are no longer bound to machine-unique information to decrypt them.
Of course that will be less secure, but if your goal is more to prevent anyone from changing the settings easily than to build the most secure and robust application in the world, that would fit your needs.
0
 
lordaeonz Commented:
Have you heard of DBfactory?
I recommend you use that class to code your applications, because it stores your connection string in the application settings, and it will be completely hidden from the user.
Or you can simply use a data set to connect to the database; it will also hide your connection string from the user.
0
 
CodeCruiser Commented:
Use the following class to encrypt and decrypt the connection string.

Use the class this way:

Dim Enc as New TripleDES
Dim Encrypted As Byte() = Enc.Encrypt("Plain Text")
Dim Decrypted As String = Enc.Decrypt(Encrypted)

Imports System
Imports System.IO
Imports System.Text
Imports System.Security.Cryptography
 
Public Class TripleDES
    Private key() As Byte = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24}
    Private iv() As Byte = {65, 110, 68, 26, 69, 178, 200, 219}
 
    Public Function Encrypt(ByVal plainText As String) As Byte()
        ' Declare a UTF8Encoding object so we may use the GetByte
        ' method to transform the plainText into a Byte array.
        Dim utf8encoder As UTF8Encoding = New UTF8Encoding()
        Dim inputInBytes() As Byte = utf8encoder.GetBytes(plainText)
 
        ' Create a new TripleDES service provider
        Dim tdesProvider As TripleDESCryptoServiceProvider = New TripleDESCryptoServiceProvider()
 
        ' The ICryptTransform interface uses the TripleDES
        ' crypt provider along with encryption key and init vector
        ' information
        Dim cryptoTransform As ICryptoTransform = tdesProvider.CreateEncryptor(Me.key, Me.iv)
 
        ' All cryptographic functions need a stream to output the
        ' encrypted information. Here we declare a memory stream
        ' for this purpose.
        Dim encryptedStream As MemoryStream = New MemoryStream()
        Dim cryptStream As CryptoStream = New CryptoStream(encryptedStream, cryptoTransform, CryptoStreamMode.Write)
 
        ' Write the encrypted information to the stream. Flush the information
        ' when done to ensure everything is out of the buffer.
        cryptStream.Write(inputInBytes, 0, inputInBytes.Length)
        cryptStream.FlushFinalBlock()
        encryptedStream.Position = 0
 
        ' Read the stream back into a Byte array and return it to the calling
        ' method.
        Dim result(encryptedStream.Length - 1) As Byte
        encryptedStream.Read(result, 0, encryptedStream.Length)
        cryptStream.Close()
        'Dim myutf As UTF8Encoding = New UTF8Encoding()
        'Return myutf.GetString(result)
        Return result
    End Function
 
    Public Function Decrypt(ByVal inputInBytes() As Byte) As String
        ' UTFEncoding is used to transform the decrypted Byte Array
        ' information back into a string.
        Dim myutf As UTF8Encoding = New UTF8Encoding()
 
        'Dim inputInBytes() As Byte = myutf.GetBytes(input)
 
        Dim utf8encoder As UTF8Encoding = New UTF8Encoding()
        Dim tdesProvider As TripleDESCryptoServiceProvider = New TripleDESCryptoServiceProvider()
 
        ' As before we must provide the encryption/decryption key along with
        ' the init vector.
        Dim cryptoTransform As ICryptoTransform = tdesProvider.CreateDecryptor(Me.key, Me.iv)
 
        ' Provide a memory stream to decrypt information into
        Dim decryptedStream As MemoryStream = New MemoryStream()
        Dim cryptStream As CryptoStream = New CryptoStream(decryptedStream, cryptoTransform, CryptoStreamMode.Write)
        cryptStream.Write(inputInBytes, 0, inputInBytes.Length)
        cryptStream.FlushFinalBlock()
        decryptedStream.Position = 0
 
        ' Read the memory stream and convert it back into a string
        Dim result(decryptedStream.Length - 1) As Byte
        decryptedStream.Read(result, 0, decryptedStream.Length)
        cryptStream.Close()
        Return myutf.GetString(result)
    End Function
End Class
 
 
 
Public NotInheritable Class Encryption

    Private TripleDes As New TripleDESCryptoServiceProvider
    Private svKey As String = "justsomewordstobeusedasacryptionkey"

    Sub New(ByVal key As String)
        ' Initialize the crypto provider.
        TripleDes.Key = TruncateHash(key, TripleDes.KeySize \ 8)
        TripleDes.IV = TruncateHash("", TripleDes.BlockSize \ 8)
    End Sub

    Sub New()
        TripleDes.Key = TruncateHash(svKey, TripleDes.KeySize \ 8)
        TripleDes.IV = TruncateHash("", TripleDes.BlockSize \ 8)
    End Sub

    Private Function TruncateHash(ByVal key As String, ByVal length As Integer) As Byte()
        Dim sha1 As New SHA1CryptoServiceProvider

        ' Hash the key.
        Dim keyBytes() As Byte = System.Text.Encoding.Unicode.GetBytes(key)
        Dim hash() As Byte = sha1.ComputeHash(keyBytes)

        ' Truncate or pad the hash.
        ReDim Preserve hash(length - 1)
        Return hash
    End Function

    Public Function EncryptData(ByVal plaintext As String) As String
        ' Convert the plaintext string to a byte array.
        Dim plaintextBytes() As Byte = System.Text.Encoding.Unicode.GetBytes(plaintext)

        ' Create the stream.
        Dim ms As New System.IO.MemoryStream

        ' Create the encoder to write to the stream.
        Dim encStream As New CryptoStream(ms, TripleDes.CreateEncryptor(), System.Security.Cryptography.CryptoStreamMode.Write)

        ' Use the crypto stream to write the byte array to the stream.
        encStream.Write(plaintextBytes, 0, plaintextBytes.Length)
        encStream.FlushFinalBlock()

        ' Convert the encrypted stream to a printable string.
        Return Convert.ToBase64String(ms.ToArray)
    End Function

    Public Function DecryptData(ByVal encryptedtext As String) As String
        ' Convert the encrypted text string to a byte array.
        Dim encryptedBytes() As Byte = Convert.FromBase64String(encryptedtext)

        ' Create the stream.
        Dim ms As New System.IO.MemoryStream

        ' Create the decoder to write to the stream.
        Dim decStream As New CryptoStream(ms, TripleDes.CreateDecryptor(), System.Security.Cryptography.CryptoStreamMode.Write)

        ' Use the crypto stream to write the byte array to the stream.
        decStream.Write(encryptedBytes, 0, encryptedBytes.Length)
        decStream.FlushFinalBlock()

        ' Convert the plaintext stream to a string.
        Return System.Text.Encoding.Unicode.GetString(ms.ToArray)
    End Function

End Class


0
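
A variation on the class above, as an added example that is not part of CodeCruiser's post: it swaps TripleDES with a key and IV fixed in the source for AES with a fresh random IV per value plus an HMAC-SHA256 tag, so a value edited in the config file is rejected instead of decrypted. The class name SettingCipher and the two caller-supplied keys are assumptions; where those keys are kept is outside the example.

```vb
Imports System.IO
Imports System.Linq
Imports System.Security.Cryptography
Imports System.Text

Public NotInheritable Class SettingCipher
    ' Stored value (Base64): IV (16 bytes) | ciphertext | HMAC-SHA256 tag (32 bytes)
    ' Assumption: encKey and macKey are independent 32-byte keys kept outside source and config.
    Public Shared Function Protect(plainText As String, encKey As Byte(), macKey As Byte()) As String
        Using cipher As Aes = Aes.Create(), mac As New HMACSHA256(macKey)
            cipher.Key = encKey
            cipher.GenerateIV()   ' fresh random IV for every value
            Dim data As Byte() = Encoding.UTF8.GetBytes(plainText)
            Dim ct As Byte()
            Using enc As ICryptoTransform = cipher.CreateEncryptor()
                ct = enc.TransformFinalBlock(data, 0, data.Length)
            End Using
            Dim body As Byte() = cipher.IV.Concat(ct).ToArray()
            Return Convert.ToBase64String(body.Concat(mac.ComputeHash(body)).ToArray())
        End Using
    End Function

    Public Shared Function Unprotect(protectedText As String, encKey As Byte(), macKey As Byte()) As String
        Dim blob As Byte() = Convert.FromBase64String(protectedText)
        If blob.Length < 16 + 16 + 32 Then Throw New CryptographicException("Value too short.")
        Dim body As Byte() = blob.Take(blob.Length - 32).ToArray()
        Dim tag As Byte() = blob.Skip(blob.Length - 32).ToArray()
        Using cipher As Aes = Aes.Create(), mac As New HMACSHA256(macKey)
            ' Verify the tag before decrypting so edited values are rejected.
            If Not FixedTimeEquals(tag, mac.ComputeHash(body)) Then
                Throw New CryptographicException("Value was modified or the key is wrong.")
            End If
            cipher.Key = encKey
            cipher.IV = body.Take(16).ToArray()
            Using dec As ICryptoTransform = cipher.CreateDecryptor()
                Return Encoding.UTF8.GetString(dec.TransformFinalBlock(body, 16, body.Length - 16))
            End Using
        End Using
    End Function

    Private Shared Function FixedTimeEquals(a As Byte(), b As Byte()) As Boolean
        If a.Length <> b.Length Then Return False
        Dim diff As Integer = 0
        For i As Integer = 0 To a.Length - 1
            diff = diff Or (a(i) Xor b(i))
        Next
        Return diff = 0
    End Function
End Class
```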
 
lordaeonz Commented:
There are many ways to store a connection string.
If you know how to use WCF and the dbfactory class, it will help you a lot.
It will store the connection string in the app config file :D
0