?
Solved

How to encrypt a Oracle password in app.config in C# app

Posted on 2011-02-24
10
Medium Priority
?
1,415 Views
Last Modified: 2013-12-19
I am working on a .NET console  application using C#. In order for the console app to open a connection to the oracle database, the following conection string was setup in the "app.config" file of the console app.

 <connectionStrings>
    <add name="ABCReceiveData.Properties.Settings.TTT1" connectionString="Data Source=ttt1;Persist Security Info=True;User ID=johndoe;Password=xxxxj$;Unicode=True"
      providerName="System.Data.OracleClient" />
</connectionStrings>

With the above approach the password is saved in clear text in the config file, I do not want that .. I like to encrypt it. I do not know how .. appreciate if someone shares a sample on how to do it.
0
Comment
Question by:vemi007
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
10 Comments
 
LVL 77

Expert Comment

by:slightwv (䄆 Netminder)
ID: 34976196
The only way I know is to encrypt the entire connection string with any of the available encrypt/decrypt functions/libraries around.

Store the encrypted value then decrypt in code then connect.
0
 
LVL 77

Expert Comment

by:slightwv (䄆 Netminder)
ID: 34976200
Should add that it is possible to use OS authentication with Oracle but I would not recommend it.

That is connect to the database with no password using the OS credentials.
0
 

Author Comment

by:vemi007
ID: 34976227
encrypt/decrypt ?? can you show me the way, I am not that familiar
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 77

Expert Comment

by:slightwv (䄆 Netminder)
ID: 34976260
I'm on mobile right now and cannot provide links with examples but Google around for: ASP.Net string encrypt

There should be several examples.

You also realize this isn't going to stop a 'decent' attempt at accessing the database.

I can always run your app code through a decompiler like reflector and see how you decrypt the string and gain access to the database.

It will slow me down but probably not stop $e.
0
 

Author Comment

by:vemi007
ID: 34976267
I understand the pit falls .. but it is an internal application which is not at all exposed outside. I will google around , if you get a chance please send related info my way.
0
 
LVL 77

Expert Comment

by:slightwv (䄆 Netminder)
ID: 34976283
If you haven't figured it out and no other Experts show up before I get back to work tomorrow, I'll see what I can provide.
0
 

Author Comment

by:vemi007
ID: 34976421
Thanks, I have googled a lot .. majority are around web.config tied to ASP.NET, a few I did find for encrypting and decrypting app.config for my console C# application including msdnn article, but it is kinda going over my head .. i see methods defined to encrypt/decrypt connection string .. but how do i use those methods within my console app is what I am missing .. just a good sample will help me understand anf figure this out.
0
 
LVL 12

Accepted Solution

by:
Praveen Kumar Chandrashekatr earned 800 total points
ID: 34978470
Hi,

since i'm not worked on this senario i'm not sure please check this below links i hope this may help you

http://www.pnpguidance.net/Post/EnterpriseLibrary3VisualStudioIntegratedConfigurationEditor.aspx
http://davidhayden.com/blog/dave/archive/2006/01/23/2744.aspx
0
 

Author Comment

by:vemi007
ID: 34979789
How does Enterprise Library  work ? it seems very easy. After i have it installed on my desktop and use to encrypt app.config , do I have to install this Enterprise Library  on the server where the client will be eventually deployed as well  ?
0
 

Author Closing Comment

by:vemi007
ID: 34981636
I figured it out. Thanks for your assistance.
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to Unravel a Tricky Query Introduction If you browse through the Oracle zones or any of the other database-related zones you'll come across some complicated solutions and sometimes you'll just have to wonder how anyone came up with them.  …
It was really hard time for me to get the understanding of Delegates in C#. I went through many websites and articles but I found them very clumsy. After going through those sites, I noted down the points in a easy way so here I am sharing that unde…
This video shows, step by step, how to configure Oracle Heterogeneous Services via the Generic Gateway Agent in order to make a connection from an Oracle session and access a remote SQL Server database table.
This video shows how to copy a database user from one database to another user DBMS_METADATA.  It also shows how to copy a user's permissions and discusses password hash differences between Oracle 10g and 11g.
Suggested Courses

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question