Solved

Connection string security\best practices

Posted on 2011-09-21
6
253 Views
Last Modified: 2012-05-12
Experts -

writing a win forms vb.net VS 2010 app, i read & write to a mySQL db over the Web. my boss suggests i store my connection string remotely (across the web, on our db server), but this idea kinda perplexes me. he's afraid any hack of my app will expose our data.

anyways, what's the best way to do this?

also, wouldn't it be just as sensible to store the connect string in some sort of ini\settings file locally, and just encrypt it?

advice & methods welcome...

TIA...

c.
0
Comment
Question by:crafuse
6 Comments
 
LVL 9

Expert Comment

by:sachinpatil10d
ID: 36578273
I think encrypt and store the connection string in app.config is a better option.
0
 

Author Comment

by:crafuse
ID: 36578280
sachinpatil10d - why? and any links to ways to do this?

thnx.
0
 
LVL 9

Expert Comment

by:sachinpatil10d
ID: 36578307
The main benefit of using the app.config is that it is the default, supported way for a .NET app to store its config, The .NET framework has support for using, writing, creating, modifying the app.config file but if you go with your own scheme, you'll have to do a extra coding.

This can be helpful for encryption
http://weblogs.asp.net/jgalloway/archive/2008/04/13/encrypting-passwords-in-a-net-app-config-file.aspx
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 83

Expert Comment

by:CodeCruiser
ID: 36582245
The app.config is usually fine but you have the app installed on many computers, changing the connection string would be a pain and connection string stored in a central location would be much easier. You can still apply the encryption concept though. BUT, MySQL connection object would send the plain connection string over the wire to mysql server anyway so there is not much benefit in my opinion. You have another question related to this product where you mention ASP.NET and I think web would be more appropriate depending on your requirements.
0
 
LVL 69

Accepted Solution

by:
Éric Moreau earned 500 total points
ID: 36600283
0
 

Author Closing Comment

by:crafuse
ID: 36666391
i found yer work yesterday, tried to post a thanks on yer blog but it kept telling me that the security numbers\letters thingie was more than 45 seconds old, or something like that.

andyways, that was precisely what i was looking for.

thanks!
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Article by: Kraeven
Introduction Remote Share is a simple remote sharing tool, enabling you to see, add and remove remote or local shares. The application is written in VB.NET targeting the .NET framework 2.0. The source code and the compiled programs have been in…
Parsing a CSV file is a task that we are confronted with regularly, and although there are a vast number of means to do this, as a newbie, the field can be confusing and the tools can seem complex. A simple solution to parsing a customized CSV fi…
This Micro Tutorial will give you a basic overview how to record your screen with Microsoft Expression Encoder. This program is still free and open for the public to download. This will be demonstrated using Microsoft Expression Encoder 4.
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now