[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1470
  • Last Modified:

How to encrypt a Oracle password in app.config in C# app

I am working on a .NET console  application using C#. In order for the console app to open a connection to the oracle database, the following conection string was setup in the "app.config" file of the console app.

 <connectionStrings>
    <add name="ABCReceiveData.Properties.Settings.TTT1" connectionString="Data Source=ttt1;Persist Security Info=True;User ID=johndoe;Password=xxxxj$;Unicode=True"
      providerName="System.Data.OracleClient" />
</connectionStrings>

With the above approach the password is saved in clear text in the config file, I do not want that .. I like to encrypt it. I do not know how .. appreciate if someone shares a sample on how to do it.
0
vemi007
Asked:
vemi007
  • 5
  • 4
1 Solution
 
slightwv (䄆 Netminder) Commented:
The only way I know is to encrypt the entire connection string with any of the available encrypt/decrypt functions/libraries around.

Store the encrypted value then decrypt in code then connect.
0
 
slightwv (䄆 Netminder) Commented:
Should add that it is possible to use OS authentication with Oracle but I would not recommend it.

That is connect to the database with no password using the OS credentials.
0
 
vemi007Author Commented:
encrypt/decrypt ?? can you show me the way, I am not that familiar
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
slightwv (䄆 Netminder) Commented:
I'm on mobile right now and cannot provide links with examples but Google around for: ASP.Net string encrypt

There should be several examples.

You also realize this isn't going to stop a 'decent' attempt at accessing the database.

I can always run your app code through a decompiler like reflector and see how you decrypt the string and gain access to the database.

It will slow me down but probably not stop $e.
0
 
vemi007Author Commented:
I understand the pit falls .. but it is an internal application which is not at all exposed outside. I will google around , if you get a chance please send related info my way.
0
 
slightwv (䄆 Netminder) Commented:
If you haven't figured it out and no other Experts show up before I get back to work tomorrow, I'll see what I can provide.
0
 
vemi007Author Commented:
Thanks, I have googled a lot .. majority are around web.config tied to ASP.NET, a few I did find for encrypting and decrypting app.config for my console C# application including msdnn article, but it is kinda going over my head .. i see methods defined to encrypt/decrypt connection string .. but how do i use those methods within my console app is what I am missing .. just a good sample will help me understand anf figure this out.
0
 
Praveen Kumar ChandrashekatrDatabase Analysist Senior Commented:
Hi,

since i'm not worked on this senario i'm not sure please check this below links i hope this may help you

http://www.pnpguidance.net/Post/EnterpriseLibrary3VisualStudioIntegratedConfigurationEditor.aspx
http://davidhayden.com/blog/dave/archive/2006/01/23/2744.aspx
0
 
vemi007Author Commented:
How does Enterprise Library  work ? it seems very easy. After i have it installed on my desktop and use to encrypt app.config , do I have to install this Enterprise Library  on the server where the client will be eventually deployed as well  ?
0
 
vemi007Author Commented:
I figured it out. Thanks for your assistance.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 5
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now