Solved

How to encrypt a Oracle password in app.config in C# app

Posted on 2011-02-24
10
1,377 Views
Last Modified: 2013-12-19
I am working on a .NET console  application using C#. In order for the console app to open a connection to the oracle database, the following conection string was setup in the "app.config" file of the console app.

 <connectionStrings>
    <add name="ABCReceiveData.Properties.Settings.TTT1" connectionString="Data Source=ttt1;Persist Security Info=True;User ID=johndoe;Password=xxxxj$;Unicode=True"
      providerName="System.Data.OracleClient" />
</connectionStrings>

With the above approach the password is saved in clear text in the config file, I do not want that .. I like to encrypt it. I do not know how .. appreciate if someone shares a sample on how to do it.
0
Comment
Question by:vemi007
  • 5
  • 4
10 Comments
 
LVL 76

Expert Comment

by:slightwv (䄆 Netminder)
ID: 34976196
The only way I know is to encrypt the entire connection string with any of the available encrypt/decrypt functions/libraries around.

Store the encrypted value then decrypt in code then connect.
0
 
LVL 76

Expert Comment

by:slightwv (䄆 Netminder)
ID: 34976200
Should add that it is possible to use OS authentication with Oracle but I would not recommend it.

That is connect to the database with no password using the OS credentials.
0
 

Author Comment

by:vemi007
ID: 34976227
encrypt/decrypt ?? can you show me the way, I am not that familiar
0
 
LVL 76

Expert Comment

by:slightwv (䄆 Netminder)
ID: 34976260
I'm on mobile right now and cannot provide links with examples but Google around for: ASP.Net string encrypt

There should be several examples.

You also realize this isn't going to stop a 'decent' attempt at accessing the database.

I can always run your app code through a decompiler like reflector and see how you decrypt the string and gain access to the database.

It will slow me down but probably not stop $e.
0
 

Author Comment

by:vemi007
ID: 34976267
I understand the pit falls .. but it is an internal application which is not at all exposed outside. I will google around , if you get a chance please send related info my way.
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 76

Expert Comment

by:slightwv (䄆 Netminder)
ID: 34976283
If you haven't figured it out and no other Experts show up before I get back to work tomorrow, I'll see what I can provide.
0
 

Author Comment

by:vemi007
ID: 34976421
Thanks, I have googled a lot .. majority are around web.config tied to ASP.NET, a few I did find for encrypting and decrypting app.config for my console C# application including msdnn article, but it is kinda going over my head .. i see methods defined to encrypt/decrypt connection string .. but how do i use those methods within my console app is what I am missing .. just a good sample will help me understand anf figure this out.
0
 
LVL 12

Accepted Solution

by:
praveencpk earned 200 total points
ID: 34978470
Hi,

since i'm not worked on this senario i'm not sure please check this below links i hope this may help you

http://www.pnpguidance.net/Post/EnterpriseLibrary3VisualStudioIntegratedConfigurationEditor.aspx
http://davidhayden.com/blog/dave/archive/2006/01/23/2744.aspx
0
 

Author Comment

by:vemi007
ID: 34979789
How does Enterprise Library  work ? it seems very easy. After i have it installed on my desktop and use to encrypt app.config , do I have to install this Enterprise Library  on the server where the client will be eventually deployed as well  ?
0
 

Author Closing Comment

by:vemi007
ID: 34981636
I figured it out. Thanks for your assistance.
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Working with Network Access Control Lists in Oracle 11g (part 1) Part 2: http://www.e-e.com/A_9074.html So, you upgraded to a shiny new 11g database and all of a sudden every program that used UTL_MAIL, UTL_SMTP, UTL_TCP, UTL_HTTP or any oth…
Configuring and using Oracle Database Gateway for ODBC Introduction First, a brief summary of what a Database Gateway is.  A Gateway is a set of driver agents and configurations that allow an Oracle database to communicate with other platforms…
Video by: Steve
Using examples as well as descriptions, step through each of the common simple join types, explaining differences in syntax, differences in expected outputs and showing how the queries run along with the actual outputs based upon a simple set of dem…
This video shows how to copy an entire tablespace from one database to another database using Transportable Tablespace functionality.

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now