Solved

How to encrypt a Oracle password in app.config in C# app

Posted on 2011-02-24
10
1,394 Views
Last Modified: 2013-12-19
I am working on a .NET console  application using C#. In order for the console app to open a connection to the oracle database, the following conection string was setup in the "app.config" file of the console app.

 <connectionStrings>
    <add name="ABCReceiveData.Properties.Settings.TTT1" connectionString="Data Source=ttt1;Persist Security Info=True;User ID=johndoe;Password=xxxxj$;Unicode=True"
      providerName="System.Data.OracleClient" />
</connectionStrings>

With the above approach the password is saved in clear text in the config file, I do not want that .. I like to encrypt it. I do not know how .. appreciate if someone shares a sample on how to do it.
0
Comment
Question by:vemi007
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
10 Comments
 
LVL 77

Expert Comment

by:slightwv (䄆 Netminder)
ID: 34976196
The only way I know is to encrypt the entire connection string with any of the available encrypt/decrypt functions/libraries around.

Store the encrypted value then decrypt in code then connect.
0
 
LVL 77

Expert Comment

by:slightwv (䄆 Netminder)
ID: 34976200
Should add that it is possible to use OS authentication with Oracle but I would not recommend it.

That is connect to the database with no password using the OS credentials.
0
 

Author Comment

by:vemi007
ID: 34976227
encrypt/decrypt ?? can you show me the way, I am not that familiar
0
Salesforce Has Never Been Easier

Improve and reinforce salesforce training & adoption using WalkMe's digital adoption platform. Start saving on costly employee training by creating fast intuitive Walk-Thrus for Salesforce. Claim your Free Account Now

 
LVL 77

Expert Comment

by:slightwv (䄆 Netminder)
ID: 34976260
I'm on mobile right now and cannot provide links with examples but Google around for: ASP.Net string encrypt

There should be several examples.

You also realize this isn't going to stop a 'decent' attempt at accessing the database.

I can always run your app code through a decompiler like reflector and see how you decrypt the string and gain access to the database.

It will slow me down but probably not stop $e.
0
 

Author Comment

by:vemi007
ID: 34976267
I understand the pit falls .. but it is an internal application which is not at all exposed outside. I will google around , if you get a chance please send related info my way.
0
 
LVL 77

Expert Comment

by:slightwv (䄆 Netminder)
ID: 34976283
If you haven't figured it out and no other Experts show up before I get back to work tomorrow, I'll see what I can provide.
0
 

Author Comment

by:vemi007
ID: 34976421
Thanks, I have googled a lot .. majority are around web.config tied to ASP.NET, a few I did find for encrypting and decrypting app.config for my console C# application including msdnn article, but it is kinda going over my head .. i see methods defined to encrypt/decrypt connection string .. but how do i use those methods within my console app is what I am missing .. just a good sample will help me understand anf figure this out.
0
 
LVL 12

Accepted Solution

by:
Praveen Kumar Chandrashekatr earned 200 total points
ID: 34978470
Hi,

since i'm not worked on this senario i'm not sure please check this below links i hope this may help you

http://www.pnpguidance.net/Post/EnterpriseLibrary3VisualStudioIntegratedConfigurationEditor.aspx
http://davidhayden.com/blog/dave/archive/2006/01/23/2744.aspx
0
 

Author Comment

by:vemi007
ID: 34979789
How does Enterprise Library  work ? it seems very easy. After i have it installed on my desktop and use to encrypt app.config , do I have to install this Enterprise Library  on the server where the client will be eventually deployed as well  ?
0
 

Author Closing Comment

by:vemi007
ID: 34981636
I figured it out. Thanks for your assistance.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The article shows the basic steps of integrating an HTML theme template into an ASP.NET MVC project
Shell script to create broker configuration file using current broker Configuration, solely for purpose of backup on Linux. Script may need to be modified depending on OS-installation. Please deploy and verify the script in a test environment.
This video explains at a high level with the mandatory Oracle Memory processes are as well as touching on some of the more common optional ones.
This video shows how to Export data from an Oracle database using the Datapump Export Utility.  The corresponding Datapump Import utility is also discussed and demonstrated.

737 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question